Angler Exploit Kit Has Compromised Over 90,000 Websites

Exploit Kits (EK), arguably the most impactful malicious infrastructure on the Internet, constantly evolve to evade detection by security technology. Tremendous effort has been spent on tracking new variations of different EK families. In this report, we look at an EK from an operational point of view. Specifically, we have been tracking the activity of the notorious Angler Exploit Kit and have uncovered traces of what we believe to be a large underground industry behind this EK.

Key findings:
  • Detected over 90,000 compromised websites involved in Angler’s operation.
  • Discovered a highly organized operation that periodically updates the malicious content across all of the compromised websites and all of the EK gate sites at the same time. 
  • Discovered fine-grained control over the distribution of malicious content.
  • Found potential connections between scanning for vulnerable websites and the use of the scanned websites as entry points for the EK.
