Sundown stole its exploits from other Exploit Kits

The Sundown Exploit Kit (EK), which is attempting to fill the gap left by Angler and Nuclear EK, is nothing more than a collection of copied exploits, according to the Trustwave SpiderLabs team.

Sundown, first noted in June 2015, was for a long time a "small player" on the EK market, always behind the competition, something even its creators knew, and they rarely bothered to update their tool.


Things changed after Angler and Nuclear disappeared from the market in spring, as Zscaler pointed out three months ago in June, when the company reported a sharp rise in activity by the creators of Sundown, the Yugoslavian Business Network (YBN).

Three months later, Trustwave says that this increase in activity did yield a boosted Exploit Kit, but not in the way many expected.

Instead of developing their own exploits, the Sundown team just stole exploits from other EKs or copied ones that were available for free on the internet.

According to a technical analysis of the Sundown exploitation chain, Trustwave researchers found four different exploits:

They say that YBN stole the first from Angler (IE exploit, CVE-2015-2419), the second from RIG EK (Silverlight exploit, CVE-2016-0034), the third from the Hacking Team data dump (CVE-2015-5119) and the fourth from Magnitude EK (Flash exploit, CVE-2016-4117).

The Angler team, which was in fact the group of criminals who originally developed the Lurk banking trojan, was known for continually adding new exploits to its EK from the time it first appeared on the market.

Almost certainly, the YBN team will not acquire new customers unless they start offering better, and newer, exploits. The team also needs a larger arsenal, as 4-5 exploits can hardly cover all the bases for a serious malvertising campaign.

Sundown's lacklustre effort is why a recent Zscaler report lists Neutrino and RIG as the two top exploit kits, with Magnitude and Sundown trailing in the rankings.

According to Zscaler, in recent months Neutrino has mostly been used to deliver the Gamarue malware dropper, the Tofsee backdoor trojan, and the CryptXXX and CrypMIC ransomware.

On the other hand, RIG distributes Tofsee, the Cerber ransomware, and the Gootkit and Vawtrak banking trojans. Magnitude continued to spread Cerber ransomware, as it always has.

The author allows you to copy his/her text only if you credit the source (SecNews.gr) with a live URL to the article.
Updated on by SecWorld