The uptick trend in cybercriminals using exploit kits that we first noticed in our spring 2018 report has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we’ve seen for exploits in a while. Perhaps one caveat is that, apart from the RIG and GrandSoft exploit kits, we observe the majority of EK activity contained in Asia, maybe due to a greater likelihood of encountering vulnerable systems in that region. Malware distributors have complained that “loads” for the North American or European markets are too low via exploit kit, but other areas are still worthy targets.

In addition, we have witnessed many smaller and unsophisticated attackers using one or two exploits bluntly embedded in compromised websites. In this era of widely-shared exploit proof-of-concepts (PoCs), we are starting to see an increase in what we call “pseudo-exploit kits.” These are drive-by downloads that lack proper infrastructure and are typically the work of a lone author.

In this post, we will review the following exploit kits:

Two newly found vulnerabilities in 2018, Internet Explorer’s CVE-2018-8174 and Flash’s CVE-2018-4878, have been widely adopted and represent the only real attack surface at play. Nevertheless, some kits are still using older exploits in technologies that are being retired, and most likely with little efficacy.

RIG EK remains quite active in malvertising campaigns and compromised websites, and is one of the few exploit kits with a wider geographic presence. It is pictured below in what we call the HookAds campaign, delivering the AZORult stealer.

GrandSoft is probably the second most active exploit kit with a backend infrastructure that is fairly static in comparison to RIG. Interestingly, both EKs can sometimes be seen sharing the same distribution campaigns, as pictured below:

Magnitude, the South Korean–focused EK, keeps delivering its own strain of ransomware (Magniber). We documented changes in Magniber in recent weeks with some code improvements, as well as a wider casting net among several Asian countries.

A sophisticated but more elusive EK focusing on Flash’s CVE-2018-4878, GreenFlash Sundown is still active in parts of Asia thanks to a network of compromised OpenX ad servers. We haven’t seen any major changes since the last time we profiled it, and it is still distributing the Hermes ransomware.

KaiXin EK (also known as CK VIP) is an older exploit kit of Chinese origin, which has maintained its activity over the years. It is unique for the fact that it uses a combination of old (Java) and new vulnerabilities.