Exploit Kit Remains Adaptive

Tuesday, August 12, 2014 @ 05:08 PM gHale


The Magnitude Exploit Kit (EK) is responsible for a large portion of the exploit kit market share and once infected high-profile websites such as Yahoo Ad Network and PHP.net.

After getting under the hood and examining its administration panel, researchers at Trustwave found a well-oiled machine ready to change at a moment’s notice to avoid security companies’ attempts to stop the exploit kit.

RELATED STORIES
Exploit Kit Delivers Double Payload
Attack on Tor to Deanonymize Users
Malware Down, but Infrastructure Remains
New Exploit Kit Delivering Ransomware

The control page of the package offered its operators complete information on the infection rates, domain blacklisting, antivirus detection rates for the exploits, self-imposed geo-IP restrictions preventing malware spread, and details about the victims’ machine (operating system and web browser used) and country, according to a published report.

Moreover, Trustwave found Magnitude’s administration panel also provides the latest news about the EK. For instance, the operators posted they made the decision to reset statistics twice a week, for security reasons.

At one point, they let other users know the malware delivery mechanism improved and the infection rate should see an increase.

Magnitude EK relied on three exploits, one for Internet Explorer 6 through 10, responsible for most infections (85 percent), and the other two for Java.

Trustwave researchers found the EK delivered no less than seven malware pieces to the victim, allowing its customers to use their own malicious files.

For a better understanding of the efficiency of this exploit kit, out of 1.1 million attempts of infection, 210,000 machines fell victim. This amounts to a 20 percent success rate in one month.

The operators behind Magnitude did not discriminate and targeted absolutely any machine they could infect. Trustwave said “a few hundred of the machines that Magnitude attempted to infect were from government agencies from the U.S., Canada, UK and several other countries. Also recorded computers from several universities in Australia, Hong Kong, the U.S. and others.”

At the top of the list of countries most affected by Magnitude EK are United States, France, Iran, and the UK.



Leave a Reply

You must be logged in to post a comment.