Exploit Kit Delivers Double Payload

Tuesday, August 5, 2014 @ 07:08 PM gHale

When it comes to delivering and landing an exploit kit, it all comes down to deception and decoys. That is why bad guys modified the way the Fiesta Exploit Kit (EK) delivers its payload to victims: it now sends two malicious files instead of one.

While this is not new, the technique is effective when packaging different malware together in order to increase the chances of infecting a computer, as the security solution protecting the system may not detect both files, said security researcher Jerome Segura of Malwarebytes.


It is possible to detect the new behavior in Fiesta EK, since both malicious files are visible to the antivirus engines on VirusTotal.

However, in some cases, only one of them ends up properly identified as malicious, which could put the user at risk.

A single file downloads onto the computer, and when extracted, two executable files become available. According to Malwarebytes' detections, one of them is spyware and the other is a Trojan.
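The detection gap described here comes from scanning the downloaded container as one object: a verdict on the bundle is not a verdict on each executable inside it. The following added example (not code from the original article or from Malwarebytes) shows the defender-side handling: it walks a dropped blob for embedded PE images by locating `MZ` headers whose `e_lfanew` pointer lands on a valid `PE\0\0` signature, carves each image, and hashes it separately so that every payload can be looked up or submitted on its own. The container bytes and the two PE stubs are constructed stand-ins, not the real Fiesta samples.

```python
import hashlib
import struct


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (the value a scanner or VirusTotal lookup keys on)."""
    return hashlib.sha256(data).hexdigest()


def carve_pe_payloads(blob: bytes) -> list:
    """Find every embedded PE image in blob and return its offset, size and SHA-256.

    A candidate starts at an "MZ" marker whose e_lfanew field (offset 0x3C)
    points at a "PE\\0\\0" signature. Each image is carved up to the next
    candidate or the end of the blob; this is a heuristic, so overlays or
    trailing padding end up attached to the preceding image.
    """
    starts = []
    pos = 0
    while True:
        idx = blob.find(b"MZ", pos)
        if idx == -1:
            break
        if idx + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, idx + 0x3C)[0]
            pe_off = idx + e_lfanew
            if pe_off + 4 <= len(blob) and blob[pe_off:pe_off + 4] == b"PE\x00\x00":
                starts.append(idx)
        pos = idx + 2  # keep searching past this marker, valid or not

    carved = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(blob)
        image = blob[start:end]
        carved.append({"offset": start, "size": len(image), "sha256": sha256_hex(image)})
    return carved


def make_pe_stub(body: bytes) -> bytes:
    """Constructed minimal PE-like stub: MZ header, e_lfanew = 0x40, PE signature, then body."""
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + body


# Constructed sample: one downloaded container holding two executables.
PAYLOAD_A = make_pe_stub(b"payload A: constructed stand-in for the first executable")
PAYLOAD_B = make_pe_stub(b"payload B: constructed stand-in for the second executable")
SAMPLE_BLOB = b"CONTAINERHDR" + PAYLOAD_A + b"\x00" * 16 + PAYLOAD_B


if __name__ == "__main__":
    # Scanning only the container yields a single hash; carving yields one per payload.
    print("container:", sha256_hex(SAMPLE_BLOB))
    for entry in carve_pe_payloads(SAMPLE_BLOB):
        print("embedded PE at offset %d (%d bytes): %s" % (entry["offset"], entry["size"], entry["sha256"]))
```

Feeding each carved hash to a reputation lookup, rather than only the container's hash, is what surfaces the case the article describes, where one of the two bundled files is flagged and the other is not.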

Segura said the landing page for Fiesta EK contained various exploits as well as a single malware file, with Java as the parent process. Further analysis showed that two payloads were dropped on the system.
