Source Code of RIG Attack Toolkit Published Online
A person claiming to be one of the developers of the RIG attack toolkit appears to have leaked a fairly recent version of the toolkit's source code, securityweek.com reported on February 13, 2015.
Although it has been in circulation for less than a full year, RIG is distributed chiefly through malvertising campaigns and pushes exploits for Microsoft Silverlight, Java and Flash, while certain versions push ransomware as well.
A UK-based malware analyst who goes by MalwareTech online said that the person who leaked the source code had first tried to sell access to the attack toolkit on HackForums. At that time, RIG's chief creator labeled the leaker a scammer. The leaker asserted on another hacker forum that he had contributed to the toolkit's development but, since he did not receive the payment he was due, he went on to sell the code along with a server database dump, securityweek.com reported on February 13, 2015.
Having received little response to the leak and having been labeled a scammer, the leaker, referred to as blackhat, set up a Twitter account where he published RIG's source code, apparently wishing to help malware analysts develop a security patch.
Initially, there was no confirmation that the exposed source code really belonged to the RIG toolkit. However, according to the researcher, 3 individuals had confirmed the code's authenticity.
When security researchers at Trustwave examined the database dump included in the RIG leak, they found some 1,200 infections. By contrast, Trustwave recorded some 418,000 RIG infections in all, with an extremely high 33% rate of exploitation.
The security company said that Flash was responsible for the majority of the infections, affecting 170K computers.
The leaked code, however, did not contain any exploits, as RIG's exploitation is performed on a back-end server.
Finally, Trustwave cautions that in the wake of the leak, cyber-criminals may do everything they can to avoid law enforcement's notice. Consequently, there may be less activity, while script kiddies would likely use the code to try to run infection campaigns of their own for easy and fast revenue.
» SPAMfighter News - 2/21/2015