SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com. This web site, like many others in...

RIG's Facelift

RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big traffic gates) have been redirecting traffic to RIG to deliver the CrypMIC Ransomware. A year ago we published a deep analysis of RIG which described...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is under constant development. With the recent disappearance of the Angler and Nuclear exploit...

Angler Takes Malvertising to New Heights

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally. "answers.com" (Alexa rank 420 Global and 155 in the US), "zerohedge.com" (Ranked 986 in the US) and...

Angler Exploit Kit – Gunning For the Top Spot

They say that with great power comes great responsibility. In the world of websites the more popular your website is the greater your responsibility, and being responsible means, amongst other things, keeping your systems up-to-date. We've recently come across an...

Neutrino Exploit Kit Not Responding – Bug or Feature?

A couple of weeks ago we were looking at some exploit kits in one of our lab environments and noticed a decline in the number of Neutrino instances we're seeing. This sent us on yet another journey to investigate Neutrino...

Endless Evasion Racing Game

In the past year we have been exploring the Magnitude Exploit Kit - one of the major actors in the cybercriminal scene. Like most of the modern exploit kits Magnitude is comprised of several layers in order to decrease the...

Neutrino Exploit Kit – One Flash File to Rule Them All

There's been a bit of talk about the Neutrino exploit kit lately, most of it revolving around sites redirecting users to Neutrino. But Neutrino has also been through some interesting technological changes and now the landing page of Neutrino only...

RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0

A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a disgruntled reseller. At the time we wrote a blog post detailing the inner workings of RIG's infrastructure and business model,...

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has become one of the most popular methods of distribution for exploit kits. Like most trends in the world of Internet security, the longer it endures - the...

Bedep trojan malware spread by the Angler exploit kit gets political

We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging by artificially inflating video views and ratings on a popular video website. The campaign began with the infamous Angler exploit kit infecting victims with the...

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screen shot below diagrams RIG's infrastructure. Most...

RIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?

Recently, source code for the RIG exploit kit was leaked. An independent security researcher posted the news on his blog. An individual claiming to be one of the RIG exploit kit developers tried to sell the exploit kit service in...

Magnitude Exploit Kit Backend Infrastructure Insight - Part III

This is the fourth post in a four-part series about Magnitude (if you like, read the first, second, and third parts too). This post will continue where the third post left off discussing the infection flow and cybercriminals redirecting victims...

Magnitude Exploit Kit Backend Infrastructure Insight - Part II

Welcome back to another edition of "exposing Magnitude exploit-kit internals"! As already mentioned in our previous posts (1st and 2nd), the back-end infrastructure of this highly prevalent Exploit Kit has been revealed to be pretty exciting from the security research...

Magnitude Exploit Kit Backend Infrastructure Insight - Part I

In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, A Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit, we detailed our discovery of one of the more prevalent exploit kits seen...

A Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit

Recently we managed to get an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we’ll review its most up-to-date administration panel and capabilities, as well as review...

Exploit Kit Roundup: Best of Obfuscation Techniques

The world of exploit kits is an ever-changing one; if you happen to look away even just for one month, you’ll come back to find that most everything has changed around you. Because of this, people like us, who work...

Bloodletting the Arms Race: Using Attacker's Techniques for Defense

Submitted by Ziv Mador and Ryan Barnett. This blog post will summarize a recent talk that we (Ryan Barnett and Ziv Mador) gave at the RSA 2014 conference where we showed how tactics used by different cyber-criminal gangs could be...

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep increase in the use of this method, particularly in jQuery libraries, in order to redirect users to malicious web pages. Why has injecting malicious...
