Exploit Kits
Exploit kits are automated, web-hosted toolkits that cybercriminals use to compromise visitors' machines without any user interaction beyond loading a page. A typical chain is a drive-by: the victim is sent from a compromised site or a malicious advertisement to a landing page that fingerprints the browser and its plugins (Flash, Java, Silverlight, the IE scripting engines), selects an exploit matching an unpatched component, and then runs a payload such as ransomware, a banking trojan or a spambot. Here are some notable exploit kits:
Neutrino:
Target: Originally vulnerabilities in the Java Runtime Environment; later versions also exploited Adobe Flash and Internet Explorer.
Functionality: Neutrino has been used to drop ransomware on target systems (for example Locky and CryptXXX in 2016, after Angler disappeared) and employs fileless techniques to infect hosts. This means the payload can be loaded and run in memory without a dropped executable on disk, which defeats file-based antivirus scanning and makes post-infection forensics harder.
Magnitude:
Target: Internet Explorer users, largely in South Korea and other parts of Asia (the kit geofences its landing pages); its payload is primarily Magniber ransomware.
Functionality: Uses fileless deployment techniques: the loader runs in memory rather than being written to the filesystem, so there is no dropped executable for traditional file-scanning defences to catch, and the ransomware starts encrypting before any on-disk artefact appears.
Angler:
Target: Vulnerabilities in outdated browsers and plugins, notably Adobe Flash, Silverlight, Java and Internet Explorer.
Functionality: Known for its versatility and for installing "invisible" (fileless, memory-resident) malware via drive-by tactics. Angler's payloads collected sensitive user data, including usernames, passwords and credit card information, making it one of the most notorious exploit kits until its operators went quiet in 2016.
Nuclear:
Target: Adobe Flash vulnerabilities.
Functionality: Known for its stealth and ability to evade antivirus detection, Nuclear primarily exploited Flash and delivered its malware when users visited compromised websites or were redirected from malicious advertisements.
RIG:
Target: Browsers reached through malicious iframes injected into compromised websites and through malvertising.
Functionality: RIG exploits Flash and Internet Explorer vulnerabilities and is often associated with malvertising (malicious advertising), where a booked ad slot redirects the visitor to the RIG landing page. Its common payloads include variants of the Tofsee spambot, used to send spam emails from the infected host.
Spelevo:
Target: Adobe Flash and Internet Explorer, reached via landing pages served from shadowed subdomains.
Functionality: Spelevo uses domain shadowing to evade detection: the operators use stolen registrar credentials to create throwaway subdomains under legitimate domains and point them at their own hosting, so the landing page lives on a domain with good reputation rather than on a hardcoded IP address. From there it attempts to deliver exploits for vulnerable versions of Flash or a use-after-free vulnerability in the VBScript engine of Internet Explorer (CVE-2018-8174).
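Two of the delivery techniques above are detectable from data a defender already has: the hidden iframes that redirect RIG victims can be found in fetched page bodies, and Spelevo-style domain shadowing shows up in passive DNS or resolver logs as a burst of subdomains that resolve somewhere other than the parent domain's real hosting. The script below is an added example written for this page, not code from any of the kits or from a detection product; the HTML, domain names and IP addresses are constructed (RFC 5737 documentation ranges), and the "registrable domain is the last two labels" rule is a deliberate simplification that does not handle suffixes such as co.uk.

```python
"""Heuristic detection for two exploit-kit delivery techniques:
hidden redirect iframes (RIG) and domain shadowing (Spelevo).
All sample data below is constructed for the example."""
import re
from collections import defaultdict

# Constructed page body: one normal embed and two injected, hidden iframes.
SAMPLE_HTML = """
<html><body>
<iframe src="https://video.example.org/embed/123" width="640" height="360"></iframe>
<iframe src="http://ads.shadow-host.test/landing.php" width="1" height="1" frameborder="0"></iframe>
<div style="position:absolute; left:-9999px">
<iframe src="http://x7k2.legit-bakery.test/index.php?v=2" style="display:none"></iframe>
</div>
</body></html>
"""

# Constructed passive-DNS style records: (fqdn, resolved IPv4 address).
SAMPLE_DNS = [
    ("legit-bakery.test", "203.0.113.10"),
    ("www.legit-bakery.test", "203.0.113.10"),
    ("mail.legit-bakery.test", "203.0.113.11"),   # same /24 as apex: legitimate
    ("x7k2.legit-bakery.test", "198.51.100.77"),  # shadowed: attacker hosting
    ("q9zr.legit-bakery.test", "198.51.100.77"),
    ("mm3p.legit-bakery.test", "198.51.100.78"),
    ("example.org", "192.0.2.5"),
    ("www.example.org", "192.0.2.5"),
    ("cdn.example.org", "192.0.2.6"),
]

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))')


def _attrs(tag_body):
    """Parse the attribute list of one tag into a lowercase-keyed dict."""
    out = {}
    for m in ATTR_RE.finditer(tag_body):
        out[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return out


def is_hidden(attrs):
    """An iframe sized 0x0/1x1 or styled invisible/off-screen is a redirect, not content."""
    size_hidden = all(attrs.get(k, "") in ("0", "1", "0px", "1px") for k in ("width", "height"))
    style = attrs.get("style", "").replace(" ", "").lower()
    style_hidden = any(s in style for s in ("display:none", "visibility:hidden", "left:-", "top:-"))
    return size_hidden or style_hidden


def find_hidden_iframes(html):
    """Return the src URLs of iframes that are sized or styled to be invisible."""
    return [a["src"] for m in IFRAME_RE.finditer(html)
            for a in [_attrs(m.group(1))] if "src" in a and is_hidden(a)]


def _parent(fqdn):
    return ".".join(fqdn.split(".")[-2:])   # simplification: no public-suffix handling


def _net24(ip):
    return ".".join(ip.split(".")[:3])


def find_shadowed_subdomains(records, min_count=2):
    """Flag subdomains resolving outside the /24 networks used by the parent's apex and www.
    Shadowed subdomains are planted in bulk under a hijacked registrar account and point at
    attacker infrastructure, so they cluster on addresses the real owner never uses."""
    baseline = defaultdict(set)
    for fqdn, ip in records:
        parent = _parent(fqdn)
        if fqdn in (parent, "www." + parent):
            baseline[parent].add(_net24(ip))
    suspects = defaultdict(list)
    for fqdn, ip in records:
        parent = _parent(fqdn)
        if fqdn in (parent, "www." + parent) or not baseline[parent]:
            continue                       # no baseline for this parent: cannot judge
        if _net24(ip) not in baseline[parent]:
            suspects[parent].append((fqdn, ip))
    return {p: sorted(v) for p, v in suspects.items() if len(v) >= min_count}


if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_HTML):
        print("hidden iframe ->", src)
    for parent, subs in find_shadowed_subdomains(SAMPLE_DNS).items():
        print("possible domain shadowing under", parent)
        for fqdn, ip in subs:
            print("   ", fqdn, "->", ip)
```

Both checks are heuristics and should feed a triage queue rather than block on their own: legitimate sites use 1x1 iframes for tracking pixels, and a parent domain that hosts its own services on several networks will trip the /24 comparison until those networks are added to its baseline. The min_count threshold exists because a single off-network subdomain is usually a CDN or a third-party service, whereas domain shadowing produces many at once.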