Tag: exploit kit
-
Exploit kit requires link to be clicked before redirection
Automatic analysis of malicious payloads becomes a little bit harder again. A security researcher at ESET has discovered how a malicious site serving the Angler exploit kit prevents automatic analysis by making a user click a link before being redirected to the exploit kit. Having spent many hours during the past two years building a…
-
Php.net compromised to serve malware
Researchers initially believed Google warning was a false positive. For a few days this week, the popular php.net website was serving malware to some of its visitors and was doing so in a stealthy way that initially confused researchers. There may be thousands and possibly millions of malicious websites on the Internet, but when you…
-
PayPal spam leads to exploit kit
Clicking on links leads to Blackhole rather than phishing site. Fake PayPal receipts were being spammed out this morning, with links leading to a version of the Blackhole exploit kit. The emails look like typical PayPal confirmation emails and suggest that funds have been sent from the user’s account. The supposed recipient of these funds…
-
Recently discovered Java vulnerability being added to exploit kit
Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…
-
Exploit kit targets customers of air travel websites
SpyEye configuration intercepts personal data submitted to legitimate websites. Security researchers have uncovered a version of the ‘SpyEye’ trojan that steals credit card and bank account details from visitors of two air travel websites. SpyEye, like ‘Zeus’ (which some researchers believe it is related to), is an advanced exploit kit whose ‘customers’ use can configure…