SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

“Don’t Mine Me” – Coinhive

What's worse than annoying ads on a website? A crypto miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

RIG's Facelift

RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big traffic gates) have been redirecting traffic to RIG to deliver the CrypMIC Ransomware. A year ago we published a deep analysis of RIG which described...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is under constant development. With the recent disappearance of the Angler and Nuclear exploit...

Angler Takes Malvertising to New Heights

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally. "answers.com" (Alexa rank 420 Global and 155 in the US), "zerohedge.com" (Ranked 986 in the US) and...

Endless Evasion Racing Game

In the past year we have been exploring the Magnitude Exploit Kit - one of the major actors in the cybercriminal scene. Like most of the modern exploit kits Magnitude is comprised of several layers in order to decrease the...

RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0

A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a disgruntled reseller. At the time we wrote a blog post detailing the inner workings of RIG's infrastructure and business model,...

A Flash Exploit (CVE-2015-5119) From the Hacking Team Leak

***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional zero-day exploit for Adobe Flash--CVE-2015-5122. CVE-2015-5122 was patched by Adobe on July 8, 2015. While a different exploit than CVE-2015-5119 discussed below, Trustwave SWG customers are also...

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has become one of the most popular methods of distribution for exploit kits. Like most trends in the world of Internet security, the longer it endures - the...

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screenshot below diagrams RIG's infrastructure. Most...

RIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?

Recently, source code for the RIG exploit kit was leaked. An independent security researcher posted the news on his blog. An individual claiming to be one of the RIG exploit kit developers tried to sell the exploit kit service in...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sights on a U.S.-based reporter. This scenario, however, would...

Powerpoint Vulnerability (CVE-2014-4114) used in Malicious Spam

Following last week’s announcement of a zero-day vulnerability for PowerPoint (CVE-2014-4114), we suspected it would not be too long before we saw this attack being used via email attachments. So when this email with a PowerPoint attachment appeared in our...

A Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit

Recently we managed to get an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we’ll review its most up-to-date administration panel and capabilities, as well as review...

CVE-2014-0515 Goes to Brazil for World Cup 2014

The FIFA World Cup 2014 begins June 12 and enthusiasm about the event has shown itself in increased traffic to different sport websites around the world. With more people visiting certain websites, you can bet that malicious individuals will look...

Exploit Kit Roundup: Best of Obfuscation Techniques

The world of exploit kits is an ever-changing one; if you happen to look away even just for one month, you’ll come back to find that almost everything has changed around you. Because of this, people like us, who work...

Microsoft Internet Explorer 0-Day (CVE-2014-1776)

A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered when it was used as part of a targeted attack. Despite being an exploit for Internet Explorer, the attack used a Flash file to deliver the malicious code and...

Microsoft Word RTF 0-Day (CVE-2014-1761)

A zero-day vulnerability in Microsoft Word involving the handling of the RTF file format was published last week in the form of a Microsoft advisory. In its advisory, Microsoft states that it is aware of “limited, targeted attacks” exploiting this...

Deep Analysis of CVE-2014-0502 – A Double Free Story

A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a targeted attack that infected several nonprofit organizations’ websites. Several interesting aspects of the exploit were covered in various blog posts; including its...
