Cyber-crooks Use Nuclear Exploit Kit to compromise ICW

According to Zscaler, ICW's (International Council of Women) website was recently hijacked employing NEK (Nuclear Exploit Kit) when attackers used Kelihos bot for contaminating end-users.

It maybe noted that established in 1888, the ICW a transnational women's association is the earliest such organization among others supporting women's rights.

The Kelihos bot, according to security researchers, was found interacting with far off placed servers for sending and receiving info with which to carry out different tasks such as dispatching spam mails, seizing critical data, and pulling down and running malevolent programs. Kelihos as well attempted at filching digital currencies like Bitcoin and login credentials while it watched network traffic moving to and fro on the victim's computer. Moreover, it attempted at garnering usernames and passwords along with host names stored in folders, via the ChromePlus and Chrome web-browsers of Google.

Once successfully exploited, Kelihos variant gets pulled down and planted onto the victim's computer. Representing a family of Trojans, Kelihos dispatches spam mails as well as does other tasks. All this based on the malware's communication with its CnC (command-and-control) infrastructures utilizing HTTP through missives encoded with the key namely Blowfish a type of symmetric-key algorithm.

A creditable competitor of Angler Exploit Kit, Nuclear EK continues to spread campaigns widely, routinely update its exploit payload, and employ fresh obfuscation methods as well as disseminate fresh malware payloads. Nuclear EK's final malware payload was Kelihos designed for stealing information while featuring very low anti-virus identification.

Lately, there have been plentiful activities by exploit kits. Zscaler just discovered that in spite of security professionals trying to diffuse Angler, one government website of China got hijacked with the exploit kit, abusing Flash followed with taking Web-surfers onto CryptoWall 3.0.

The hijacked government site of China was "Chuxiong Archives" that was attacked through code-injection. The website resembles dual websites-the Chuxiong City and Chuxiong Yi Prefecture in both appearance and texture, however seems somewhat inactive. And while security researchers sanitized the hijacked website in 24-hrs the situation actually caught Zscaler's attention towards the latest modifications to Angler along with more fresh Flash exploits that were added to the EK.

» SPAMfighter News - 11/17/2015