Wednesday, 29 October 2014

Popular Science Website is Serving RIG Exploit Kit

Websense Security Labs has detected that the Popular Science website has been compromised and was serving malicious code to its visitors.

Popular Science is an American monthly magazine that publishes popular science content, such as articles on science and technology, for the general reader.

The site was injected with malicious code that redirects users to websites that serve exploit code.
The code itself then downloads malicious files onto the victim's computer.

The website contains a malicious iFrame that redirects users to the popular RIG Exploit Kit.

An injected iFrame generally redirects users first to a TDS (traffic distribution system) and then to the final exploit-serving site. In this case, however, the iFrame redirects users directly to the RIG Exploit Kit's final website, the report said.
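For site owners, one way to catch this kind of injection is to audit served pages for iframes that point at hosts the site does not intentionally embed. The Python below is an added example, not code from Websense or from the original post; the hostnames, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts the site intentionally embeds (constructed values for this example).
ALLOWED_FRAME_HOSTS = {"www.example-magazine.test", "video.example-cdn.test"}
PAGE_URL = "https://www.example-magazine.test/article/123"

# Constructed sample page: two expected frames and one off-site frame.
SAMPLE_PAGE = """
<html><body>
<iframe src="/widgets/newsletter.html"></iframe>
<iframe src="https://video.example-cdn.test/embed/42"></iframe>
<IFRAME SRC="//landing.injected-example.test/?x=1"></IFRAME>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def unexpected_iframes(html, page_url, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return absolute iframe URLs that are not on the embed allowlist."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Resolve relative and protocol-relative (//host/...) sources.
        absolute = urljoin(page_url, src.strip())
        parsed = urlparse(absolute)
        if parsed.scheme in ("http", "https"):
            if parsed.hostname not in allowed_hosts:
                findings.append(absolute)
        elif parsed.scheme != "about":
            # data:, javascript: and similar frame sources are reported too.
            findings.append(absolute)
    return findings


if __name__ == "__main__":
    for url in unexpected_iframes(SAMPLE_PAGE, PAGE_URL):
        print("unexpected iframe:", url)
```

This only sees iframes present in the served HTML; frames created by script at runtime need a check against the rendered DOM.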

Before executing any exploit, the RIG Exploit Kit uses the CVE-2013-7331 XMLDOM ActiveX Control vulnerability to check whether any antivirus software is installed on the victim's computer.

If none of the checked AV products is installed on the victim's computer, the exploit kit checks the installed plugins and their versions, specifically Flash, Silverlight and Java. If any of them is found to be vulnerable, it launches the exploit corresponding to that vulnerability.

According to Websense, this antivirus-listing technique has become common recently, with the Nuclear and Angler exploit kits using it on a large scale.

Organizations ranging from government to education, as well as hospitals, have been affected by this type of injection. The US and UK are the two most affected countries, each accounting for 14%.
