Sundown steals exploits from other Exploit Kits

The Sundown Exploit Kit (EK), which attempts to fill the gap left by Angler and Nuclear EK, is nothing more than a collection of copied exploits, according to the Trustwave SpiderLabs team.

Sundown, first noted in June 2015, was for a long time a "small player" on the EK market, always trailing the competition; even its creators knew this and rarely bothered to update their tool.

Things changed after Angler and Nuclear disappeared from the market in the spring, as Zscaler pointed out three months ago in June, when the company reported a sharp increase in activity by Sundown's creators, the Yugoslavian Business Network (YBN).

Three months later, Trustwave says that this increase in activity did produce a stronger exploit kit, but not in the way many expected.

Instead of developing their own exploits, the Sundown team just stole exploits from other EKs or copied ones that were available for free on the internet.

According to a technical analysis of the Sundown exploitation chain, Trustwave researchers found four different exploits:

They say that YBN stole the first from Angler (IE exploit, CVE-2015-2419), the second from RIG EK (Silverlight exploit, CVE-2016-0034), took the third from the Hacking Team data dump (CVE-2015-5119) and stole the fourth from Magnitude EK (Flash exploit, CVE-2016-4117).

The Angler team, which was in fact the group of criminals that originally developed the Lurk banking trojan, was known for continually adding new exploits to its EK from the moment it first appeared on the market.

The YBN team will almost certainly not attract new customers unless it starts offering better, and newer, exploits. It also needs a larger arsenal, since 4-5 exploits can hardly cover all the bases for a serious malvertising campaign.

Sundown's lackluster effort is why a recent Zscaler report lists Neutrino and RIG as the two top exploit kits, with Magnitude and Sundown trailing in the rankings.

According to Zscaler, in recent months Neutrino has mostly been used to deliver the Gamarue malware dropper, the Tofsee backdoor trojan, and the CryptXXX and CrypMIC ransomware.

RIG, on the other hand, distributes Tofsee, the Cerber ransomware, and the Gootkit and Vawtrak banking trojans. Magnitude continues to spread Cerber ransomware, as it always has.

The author allows you to copy this text only if you credit the source (SecNews.gr) with the electronic address (live URL) of the article.