Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Cyber-crooks Use Nuclear Exploit Kit to compromise ICW

According to Zscaler, ICW's (International Council of Women) website was recently hijacked employing NEK (Nuclear Exploit Kit) when attackers used Kelihos bot for contaminating end-users.

It maybe noted that established in 1888, the ICW a transnational women's association is the earliest such organization among others supporting women's rights.

The Kelihos bot, according to security researchers, was found interacting with far off placed servers for sending and receiving info with which to carry out different tasks such as dispatching spam mails, seizing critical data, and pulling down and running malevolent programs. Kelihos as well attempted at filching digital currencies like Bitcoin and login credentials while it watched network traffic moving to and fro on the victim's computer. Moreover, it attempted at garnering usernames and passwords along with host names stored in folders, via the ChromePlus and Chrome web-browsers of Google.

Once successfully exploited, Kelihos variant gets pulled down and planted onto the victim's computer. Representing a family of Trojans, Kelihos dispatches spam mails as well as does other tasks. All this based on the malware's communication with its CnC (command-and-control) infrastructures utilizing HTTP through missives encoded with the key namely Blowfish a type of symmetric-key algorithm.

A creditable competitor of Angler Exploit Kit, Nuclear EK continues to spread campaigns widely, routinely update its exploit payload, and employ fresh obfuscation methods as well as disseminate fresh malware payloads. Nuclear EK's final malware payload was Kelihos designed for stealing information while featuring very low anti-virus identification.

Lately, there have been plentiful activities by exploit kits. Zscaler just discovered that in spite of security professionals trying to diffuse Angler, one government website of China got hijacked with the exploit kit, abusing Flash followed with taking Web-surfers onto CryptoWall 3.0.

The hijacked government site of China was "Chuxiong Archives" that was attacked through code-injection. The website resembles dual websites-the Chuxiong City and Chuxiong Yi Prefecture in both appearance and texture, however seems somewhat inactive. And while security researchers sanitized the hijacked website in 24-hrs the situation actually caught Zscaler's attention towards the latest modifications to Angler along with more fresh Flash exploits that were added to the EK.

ยป SPAMfighter News - 11/17/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page