Gladys Wiggins 2017-08-16

WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.

The Disdain-based exploit kit is described here by security services outfit IntSights, which says the exploit kit is offered by someone using the handle "Cehceny".

David Montenegro (@CryptoInsane) says Disdain is a copy-paste of the open source BEPS exploit kit.

This is a Copy & Paste of BEPS Exploit Kit (Open Source) .. pic.twitter.com/ROWd3YH5Tf

— David Montenegro (@CryptoInsane) August 9, 2017

IntSights says the kit includes:

Jerry Miller 2017-08-23

A new global malvertising campaign recently detected by security experts involves hackers using the Neptune exploit kit to drop cryptocurrency miners.

Despite a recent substantial drop in activities since the infamous Angler exploit kit was shut down in 2016, hackers are still using exploit kits in new campaigns.

The Neptune exploit kit, aka the Terror exploit kit, was used in the new malvertising campaign to drop Monero miners and involved hackers abusing legitimate pop-up ad services "within Alexa's top 100" to redirect victims to malicious sites.

Researchers at FireEye said the new campaign, which was discovered in July this year, targeted Europe, the US, South Korea, Singapore, Thailand, Japan, South America and Canada.

"Despite an observable decline in exploit kit activity, users are still at risk, especially if they have outdated or unpatched software.

This threat is especially dangerous considering drive-by exploit kits (such as Neptune EK) can use malvertisements to seamlessly download payloads without ever alerting the user," the FireEye researchers said in a blog.

Mark Alexander 2019-06-27

Ransomware is a clear and present threat to many businesses, but now a threat analyst has warned of another attack vector the malware can exploit, rather than the usual phishing route.

Researcher nao_sec warned that the Sodinokibi ransomware is now being distributed through malvertising that leads to the RIG exploit kit.

Malvertising campaigns traditionally inject malicious or malware-laden advertisements into seemingly legitimate online adverts.

Speaking to the security website BleepingComputer.com, Nao_sec said the compromise was done via “advertisements on the PopCash ad network that redirected users to the exploit kit based on certain conditions.”

Essentially PopCash is a very popular video converter site.

So when visitors come to the site to convert their videos, the ad server would reportedly load the exploit kit.

Carlos Marier 2016-07-13

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits.

While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in the exploit kit marketplace.

Security researchers at Zscaler ThreatLabZ reckon the miscreants behind Sundown have accelerated the evolution of what started out as a fairly rudimentary exploit kit since the beginning of 2016.

The crooks behind Sundown used stolen code from the rival RIG exploit kit for a short time before subsequently knitting together their own code, security researchers at cloud security firm Zscaler ThreatLabZ report.

Elements of the latest version of the cybercrime toolkit include an image referencing the self-styled Yugoslavian Business Network – likely a reference to the infamous Russian Business Network cybercrime group.

Zscaler ThreatLabZ researchers commented: This Russian Business Network inspired group may or may not be responsible for Sundown, but there does appear to be a German language group offering coding services on forums under the YBN moniker, with many commenters voicing their pleasure with the services.

Everett Enriquez 2017-08-03

The Magnitude Exploit Kit is being used to deliver the Cerber ransomware, as the attackers obfuscate the code

The Cerber ransomware is being delivered to specific countries in Asia, most notably South Korea, according to recent telemetry of the Magnitude exploit kit.

That is the warning from security specialists Malwarebytes, which said that South Korea is the most impacted country amid a slew of ongoing malvertising campaigns.

It should be remembered that the Magnitude exploit kit has been around for a number of years now.

In 2014 it was found to be popular among cyber criminals, thanks to its high success probability and an innovative distribution model that didn’t require ‘customers’ to make a downpayment.

‘Malvertising’ threats have proven to be a growing area in the cybersecurity field over the past few years as more and more sites depend on adverts for revenue.

James Howard 2016-09-21

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says.

Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make exploitation easier for black hats.

Just For Men parent company Combe updated the site from a vulnerable version of WordPress following a tip off from Segura.

"Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password stealing trojan," Segura says.

"... the homepage of justformen.com has been injected with obfuscated code which belongs to the EITest campaign and this gate is used to perform the redirection to the exploit kit."

The attack campaign reported in October 2014 used a Flash file to compromise thousands of websites, including the Department of Statistics at Carnegie Mellon University.

Blaine Pilgrim 2016-06-28

Victims subject to exploit kits are often hit with bank trojans and ransomware.

The infamous Angler exploit kit was the world's most capable and most popular until its sudden cessation earlier this month for reasons unknown.

Check Point has chalked up the death of Nuclear as a possible response to its two part research in which it revealed the internals of the exploit kit's infrastructure.

"At the end of April, just a few days after our first report was published, the existing Nuclear infrastructure ceased operation entirely – all Nuclear panel instances and the master server stopped serving malicious content and responding to requests from their IP addresses," Check Point researchers say.

"Additional researchers identified that Nuclear has ceased its activities as of late April as well."

The exploit kit marketplace has been shaken up before, typically thanks to arrests of high-profile authors including Black Hole developer Dmitry Fedotov, known as Paunch.

Richard Skaggs 2016-05-19

Security researchers have lifted the lid on the Nuclear exploit kit, rated the second largest malware-as-a-service toolkit in the world.

Nuclear has generated 1.8 million attacks worth $12m in revenue in one month alone, chiefly through slinging the infamous Locky ransomware.

The estimated monthly revenue for the developers of Nuclear is $100,000, according to Check Point.

The toolkit is second only behind the infamous Angler exploit kit as a means to run drive-by attacks from hacker-controlled websites.

Compromised sites, sometimes otherwise-legitimate internet hangouts, harbor malicious code that pushes malware onto the Windows PCs of visiting surfers using Flash-based exploits and the like.

Check Point's researchers explain how the developers of Nuclear exploit kit rent it to attackers, and analyze the source code of Nuclear and the source code of every exploit that uses the kit.

Jason Hill 2016-12-15

Cybercriminals release exploit kit that serves code to routers instead of browsers to insert malicious ads.

Security researchers have detected cybercriminals using a very sneaky new exploit kit to hijack and infect home routers with an endless supply of malicious ads

Cybercriminal gangs have found a new way to serve malicious ads that makes them hard to get rid of: infecting your internet router rather than your web browser, by silently making requests to your computer without your knowledge.

US security firm Proofpoint has discovered a new exploit kit called DNSChanger EK that aims to serve an endless series of malicious ads on every single website the user visits, in what is known as a "malvertising campaign".

Ronnie Allen 2019-06-27

Cybercriminals have compromised the servers used to show ads on a popular YouTube to MP3 conversion website in an effort to help spread the GreenFlash exploit kit and Seon ransomware.

Malvertising is a popular technique among hackers and scammers as it enables them to reach a much wider audience by embedding malicious code or links in advertisements.

When a visitor to a site hosting malicious ads clicks on one of them, they are either directed to a fraudulent website or their system is infected with a malicious payload.

What makes malvertising so effective is that legitimate domains can end up hosting malicious ads without their knowledge, which makes them malware distributors without their even realizing it.

Recently, cybercriminals have used the technique to help spread the GreenFlash Sundown exploit kit through a large-scale malvertising campaign.

Malwarebytes researcher Jérôme Segura provided further insight into how the GreenFlash Sundown exploit kit is being spread beyond Asia in a blog post, saying:

Kay Pry 2017-07-05

The group behind the campaign has gone to great lengths to slip under the radar

Malwarebytes has discovered a large malvertising campaign that is using the Astrum exploit kit to spread malware to unsuspecting users as they browse the web.

The notorious AdGholas group is believed to be behind the campaign and is rather cleverly using the recent WannaCry and NotPetya ransomware hysteria as a diversion to help it operate under the radar.

Malwarebytes says the group has been “going to great lengths to be as stealthy as possible” and has successfully fooled advertising networks into displaying malicious ads.

“On June 28, we started seeing a new wave of drive-by download attacks distributed globally pushing the Astrum exploit kit,” writes Jérôme Segura, lead malware intelligence analyst at Malwarebytes.

“Sure enough, it was associated with AdGholas activity via a new decoy website.

William Cutright 2019-06-27

An ongoing operation that’s installing ransomware and other malware on the computers of unsuspecting website visitors is one of the most potent drive-by attack campaigns researchers have seen in recent memory.

The attacks install three pieces of malware using an exploit kit called GreenFlash Sundown, which researchers identified in 2015 and have continued to follow since.

Attacks in recent weeks have spiked again as ShadowGate—one of the names given to the hacker group behind the campaign—has unleashed a highly revamped version of the exploit kit on hacked ad servers run by Web publishers.

“They are ongoing and with a scale we haven’t seen in a couple of years when it comes to exploit kit-related attacks,” Jérôme Segura, a Malwarebytes researcher tracking the campaign, said of the attacks on onlinevideoconverter[.]com, a site with more than 200 million visitors per month that converts YouTube videos into video files that can be stored on a computer hard drive.

Previously, he said, the group had largely limited attacks to South Korea.

James Dixon 2018-04-16

One of the world's longest-lived malware networks, EITest, has gone offline.

EITest was part of several infection chains, used by attackers to redirect users from legitimate sites to compromised sites that shipped exploit kits.

In 2016, for example, it was part of an attack that used shampoo brand Just for Men to push the RIG exploit kit.

To get rid of EITest, Proofpoint says it worked with researchers from BrilliantIT and Abuse.ch to sinkhole the infection chain.

Proofpoint's researchers wrote that EITest emerged in 2011, took a brief hiatus between 2013 and 2014, then re-emerged as a traffic seller in malware markets: “In 2014, we found that the actor was selling traffic in blocks of 50-70,000 visitors for US$20 per thousand, generating between $1,000 and $1,400 per block of traffic.”

More recently, it changed focus to concentrate on social engineering and technical support scams.

Christopher Driskell 2017-01-11

Authors of the Sundown exploit kit have integrated a since-patched and limited Microsoft Edge vulnerability from a security firm's public proof-of-concept.

The addition of the twin bugs CVE-2016-7200 and CVE-2016-7201 means unpatched users of one of the world's most unpopular web browsers are likely to be targeted by a wide cross-section of malware writers.

It is no cause for high concern for most Windows users: the Edge browser by default applies patches automatically, meaning fewer users would be affected, while improved exploit mitigations in Windows 10 frustrate the ability of criminals to have malware execute.

However, the Edge Chakra JavaScript scripting exploit will be incorporated quickly into rival kits, since the use of zero days and new vulnerabilities is a prized advantage in the highly competitive exploit kit market.

Malware monitor Kafeine reported Sundown's use of the exploits which were taken from a proof-of-concept released by Texas security startup Theori.

"I have been told that with Windows 10 release 1607, Microsoft Edge has some quite strong mitigation," Kafeine says.

James Desmond 2018-03-27

In 2017, exploit kit development declined 62 per cent, with only a few kits including AKBuilder, Disdain and Terror showing significant activity, according to a study by threat intel firm Recorded Future.

In contrast to previous years, criminal exploit kits and phishing campaigns favoured Microsoft products in 2017, rather than Adobe Flash vulnerabilities.

Exploiting Java and Adobe Flash flaws to push malware after tricking surfers into visiting booby-trapped websites has been the staple of so-called drive-by hacking attacks for years.

Java vulnerabilities dropped steadily between 2013 and 2016, prompting cybercriminals to switch over to Adobe Flash.

Now that route has also been throttled.

"The observed drop in exploit kit activity overlaps with the rapid decline of Flash Player usage," said Scott Donnelly, VP of technical solutions at Recorded Future.

William Ly 2016-08-16

The Angler exploit kit has all but vanished and whoever knows why isn't talking.

Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight.

Or maybe Russian agents bagged and blackmailed them, maybe even dropping one or two into the Black Sea, goes another.

The fall of a giant.

The prevailing theory is that the Angler authors were picked up by Russian authorities in June, the same time when Angler activity ceased, as part of sweeping arrests of some 50 hackers in the largest raids of its kind.

Some of those hackers are felt to have been associated with the Lurk Trojan.
