Don't Let Websites Steal Your Data!
Exploit kits silently infect your device! Learn how these malicious tools work & what you can do to protect yourself from malware & data brea
Forticlient Endpoint Protection For PC Free Download
FortiClient is a free endpoint protection suite that includes malware/virus detection, rootkit removal, parental web control, and VPN. Malware is detected using updated threat intelligence and definitions from Fortinet’s FortiGuard Labs. Parental control software offers a simple and effective way to block malicious and explicit web sites. Single VPN configuration allows quick and easy secure,…
Exploit Kits Target Windows Users with Ransomware and Trojans
Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers.
All four of these campaigns were discovered by exploit kit expert nao_sec and are being distributed through malvertising that redirects visitors to the exploit kits' landing pages. These landing pages are…
New Lord Exploit Kit Pushes njRAT and ERIS Ransomware
A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network.
The exploit kit (EK) leverages a use-after-free vulnerability in Adobe Flash and relies on the ngrok service that can set up a secure connection to expose to the internet local servers behind NATs and firewalls.
Work in progress
D…
New SystemBC Malware Uses Your PC to Hide Malicious Traffic
A new malware strain is being distributed by threat actors via exploit kits like Fallout and RIG to hide malicious network traffic with the help of SOCKS5 proxies set up on compromised computers.
The malware, provisionally named SystemBC by the Proofpoint Threat Insight Team researchers who found it, uses secure HTTP connections to encrypt the information sent to command-and-control servers by…
Vulnerabilities and exploits
There’s no such thing as a 100% secure system; no matter what, there will always be a flaw that can be exploited. This is true even for systems that aren’t connected to the internet, as attacks on infrastructure such as power plants have shown.
So let’s talk a little bit about the various threats you can be exposed to without even knowing it. There are basically two ways to break into someone’s computer. The first is through software vulnerabilities: bugs, security flaws, glitches, anything that can be exploited. The second is through so-called social engineering attacks, where you are the flaw in the system. Not uncommonly, both methods are used in combination.
As usual, no prior computer science education required.
Software vulnerabilities
When you’re surfing the web you’re constantly using dozens of programs, functions and browser add-ons simultaneously. They read data sent by the websites you visit and act according to the instructions they receive; for example, the Flash plugin reads that it’s time to activate and play a video clip, or the PDF reader gets a signal to open a document. But each of these components contains flaws that could lead to a malware infection of your computer without you noticing it.
Today, the majority of infections from surfing the internet are delivered by exploit kits: programs which, upon activation, scan your system for open vulnerabilities in your browser, plugins and other programs and, after finding a suitable infection vector, deliver malware that is able to use the exploit, such as ransomware. The first exploit kit emerged in 2006, and since then many more have appeared and become incredibly sophisticated and hard to detect. The most advanced exploit kits, such as Angler, will not be detected by any antivirus, as they never write anything to your computer’s hard drive; they run only in memory, which means there are no files for the antivirus program to scan and detect.
Basically, an exploit kit is like a person who comes by your home and checks what security is in place: can the lock be easily picked? Are there any cameras? Are any windows open? Is there a key under the door mat? Once the perimeter is scanned and flaws found, it contacts its “headquarters” to report the findings, bypasses the security weaknesses and deploys the desired malicious activity.
So how do you know if a site contains an exploit kit? Well, you don’t, really. Ever. That’s the scary part: exploit kits are so good at hiding and deploying malware undetected (usually through encrypted downloads that take antivirus programs days to decipher, and if the malware is ransomware, by then it’s too late) that we don’t really have any single defense against them. Exploit kits are usually distributed in three ways:
1. Compromised sites. Sites that have been hacked and, without the original owner’s knowledge, now host an exploit kit that activates whenever a user visits. This can happen to popular and well-known sites such as newspapers, social media, forums, blogs, etc.
2. Drive-by infections. Have you ever seen a quick flash of different addresses in the address bar that you didn’t actually intend to go to, on your way to a site you did want? Browser redirections are very common when clicking on an advertisement: you’re first sent to the advertising agency’s server to register that you clicked on that ad so they can earn revenue for it, and then you’re sent to the actual advertised site (hopefully). But browser redirections like these can also be used to deliver an exploit kit. Drive-by infections are named after drive-by shootings, where a car quickly drives past the intended target and shots are fired before it disappears again, all so fast it’s over before you know it, and they work just like that. You click on a link to site A, but for a millisecond you’re actually taken to site B instead, where the malware is located and deploys, and then you’re sent on to site A as intended, blissfully ignorant of the infection that just took place.
3. Malvertising. These are simply advertisements that contain exploit kits. As they can appear on legitimate and trustworthy sites, people also trust the advertisement to be safe and trustworthy. This is an example of software exploits used together with social engineering; more on that later.
Some security holes are worse than others, with the most critical ones being known as zero-days. These are flaws in software that its creator is still unaware of, and therefore absolutely no defense against exploiting them exists yet. They are highly sought after by malware creators and are bought and sold on the black market. A zero-day exploit for a fairly secure system, such as iOS on iPhones, can sell for hundreds of thousands of US dollars; thus malware that uses zero-day exploits is not only extremely dangerous but also indicates very resourceful creators. Governments have been known to create advanced malware employing multiple zero-day exploits, such as the recently discovered Pegasus spyware for iPhones, which used no less than three zero-days and was created by an Israeli government-sponsored company. The reason these exploits are called zero-days is that zero days is the amount of time the software’s creator has had to fix the flaw once they become aware of it.
Social engineering attacks
These types of attacks exploit human flaws instead of software flaws. They can manifest in many ways, and some don’t even require much computer skill from the attacker. For example, certain forms of typosquatting rely on something as simple as typos. A criminal can register the domain www.facebok.com and make it look exactly like the real Facebook, and will thus be able to deploy malware or gather the login credentials of anyone who accidentally types the wrong address without noticing. This has prompted popular sites like Facebook to also purchase addresses that are potential typos of the real address (such as facebok.com; try it) and redirect them to the real one to avoid fraud.
Typosquatting is also commonly used in targeted attacks against company higher-ups. A fraudster checks up on company employees, typically those in sales or other positions known for traveling a lot, takes the name of one, and creates a fake company email address. For example, take Jane Doe, sales representative of Great Company. The fraudster creates the email address [email protected], which looks exactly like the email addresses used within the company except for a little typo. He then emails someone responsible for finances with something along the lines of “Hey, I am in Japan trying to close the deal but it’s taking longer than expected. Please send 10.000 Euro to this account so I can keep working here until we’re done.”, and the account is of course the fraudster’s.
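The defensive side of both typosquatting scenarios above (the facebok.com look-alike and the “little typo” in a company email address) is to measure how far an incoming domain is from the domains you care about. The following is an added example, not code from the original post: it computes the edit distance between the registrable part of a domain and a constructed list of protected domains, and flags near misses the way a mail gateway or proxy filter might. The protected list and sample addresses are constructed for illustration.

```python
# Added example (not from the original post): flag look-alike domains that are a
# small edit away from a domain we protect, as a mail gateway or proxy filter might.
from typing import Optional

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_part(domain: str) -> str:
    """Lower-case, drop a trailing dot and keep the last two labels.
    Naive on purpose: assumes single-label TLDs (no co.uk handling)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def lookalike_of(domain: str, protected: list[str], max_distance: int = 2) -> Optional[str]:
    """Return the protected domain this one imitates, or None.
    An exact match is the real domain, not a look-alike, so it is never flagged."""
    cand = registrable_part(domain)
    best = None
    for p in protected:
        p_norm = registrable_part(p)
        if cand == p_norm:
            return None
        # Compare the label left of the TLD, so facebok.com and facebook.co both score low.
        d = edit_distance(cand.split(".")[0], p_norm.split(".")[0])
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, p_norm)
    return best[1] if best else None

def check_sender(address: str, protected: list[str]) -> Optional[str]:
    """Flag an e-mail sender whose domain is a near miss of a protected domain."""
    if "@" not in address:
        return None
    return lookalike_of(address.rsplit("@", 1)[1], protected)

PROTECTED = ["facebook.com", "great-company.example"]   # constructed sample list

if __name__ == "__main__":
    for d in ["facebok.com", "facebook.com", "www.faceb00k.com", "example.org"]:
        print(d, "->", lookalike_of(d, PROTECTED))
    print(check_sender("jane.doe@great-cmpany.example", PROTECTED))
```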
Another form of social engineering attack has been to acquire access to accounts that use security questions for password retrieval, such as “which street did you grow up on?”, “what was the name of your first pet?” and so on. An attacker targets a person, checks which security questions they have set for password retrieval, and then simply goes and befriends the target, usually over online games with chat available. They start casually chatting up their target with questions like “oh, where are you from? Really?! I’m from there too! Which street did you come from?”...
This is why security questions are becoming a less and less popular method for password retrieval.
Social engineering attacks are in most cases targeted against certain individuals or types of individuals. Have you ever noticed how badly spelled spam emails usually are? This is in many cases intentional: people who ignore typos, or don’t think they’re a red flag, are much more likely to follow through after clicking the suspicious link to the “Is your credit card data safe? Fill it in here and we’ll check!” form, or to pick “download and run” when prompted with a box asking to download a mysterious file. And as I mentioned previously, people are much more likely to click on advertisements if they deem the hosting site reputable, or on links that arrive in an email that looks legitimate or comes from a friend, not knowing that the friend’s account may have been hacked.
Much like with exploit kits, there is no single way of avoiding a social engineering attack, and you shouldn’t feel bad if you fall victim to one. They are crafted specifically to exploit known vulnerabilities of the human psyche.
Protection
Antivirus software has long been the one good source of protection, but unfortunately that is no longer true. When it comes to digital defense it’s actually looking pretty grim; malware is advancing much faster than we can keep up with. The number one protection is no longer antivirus, but keeping your system updated. I cannot stress enough how important this is: the biggest source of infection is known flaws in software like Flash, Java, Silverlight, etc., and the people behind malware know that users are really, really bad at updating their systems. We all click on “remind me later” or “not now”.
I’m not saying you shouldn’t have antivirus software installed; it’s not useless, and I definitely recommend having a good one (it does matter a lot which one you pick; I will probably write a post on this later on), but you shouldn’t rely on it too much.
Other than keeping your computer updated and having antivirus installed, there isn’t much else you can do besides becoming informed on the subject: learn how malware manifests on your system and what the warning signs are, stay alert, and of course keep a backup of your files on a physical storage device like an external hard drive rather than in cloud storage, as files there are also vulnerable to malware infections.
That’s pretty much all I had to write on the subject for now, thank you for reading. If you have any questions you are of course more than welcome to write to me and I’ll try my best to answer. :)
ANGLER, Ransomware; Kit Explosivo (From Ukraine)
A “festive” late afternoon and evening around here, and today it’s time to talk a <little> about a “new threat” – although it has been around for a few months – the news has recently come into the spotlight: it is a new piece of <Ransomware> (“malicious software” that, upon <infecting> our “machine”, <locks> it and “demands a ransom to regain control”, as simple as that).
As I was saying, its “modus…