
Angler Exploit Kit Continuously and Rapidly Evolving, says Cisco

According to security company Cisco, the Angler Exploit Kit (AEK) is continuously and rapidly evolving, seamlessly incorporating not just zero-day attack code but also several evasion techniques, which make it an increasingly formidable hacking kit among those available.

Cisco's security researchers recently described a technique used in one recent Angler attack in which the attackers used stolen domain registrant credentials to set up huge numbers of subdomains. These subdomains were used extensively either to host malicious payloads or to redirect victimized visitors to attack websites.

The technique is known as domain shadowing and is regarded as the next evolution of fast flux; so far, attackers using domain shadowing have obtained thousands of subdomains for themselves. In the current instance, attackers capitalize on domain owners' inconsistent oversight of their domain registration credentials. These credentials are essentially stolen through phishing attacks. The credentials then let the attackers set up an endless list of subdomains that can be used for further compromises.

Interestingly, domain shadowing made its debut in 2011; however, it has become remarkably popular in recent months in connection with AEK, the researchers state.

Nick Biasini, a security researcher at Cisco, states that his company has detected nearly 10,000 malware-hosting subdomains registered through hundreds of GoDaddy accounts. GoDaddy continues to be a favored target given its status as the largest registrar on the Net, being behind nearly one-third of the total URLs. Csoonline.com reported this on March 3, 2015.

Of those domains, some 1,500 were registered during 2011. However, the majority, over 7,500, have emerged during the last 3 months, with February 2015 seeing more registrations than January 2015, which itself showed a rise from December 2014.

A few of the subdomains stay active for just a few minutes and are accessed around two times.

According to Craig Williams, Security Outreach Manager at Cisco, the ultimate objective of the con artists is to obtain a huge number of domains as described above and to use each for so brief a period that standard blacklisting doesn't work. Csoonline.com reported this.
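The short lifetime and low access count described above can serve as a defensive heuristic over DNS query logs. The Python sketch below is an added example, not code from Cisco or the original article; the log format, thresholds, function names, and hostnames are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def registered_domain(name):
    # Simplification (assumption): treat the last two labels as the registered
    # domain. Production code should consult the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def find_shadowed_domains(records, max_hits=2, max_lifetime=600, min_ephemeral=5):
    """records: iterable of (epoch_seconds, fqdn) DNS query observations.
    Returns {registered_domain: sorted list of short-lived, rarely seen subdomains}
    for domains that accumulate at least min_ephemeral such subdomains."""
    stats = defaultdict(lambda: [None, None, 0])  # fqdn -> [first_seen, last_seen, hits]
    for ts, fqdn in records:
        s = stats[fqdn.lower()]
        s[0] = ts if s[0] is None else min(s[0], ts)
        s[1] = ts if s[1] is None else max(s[1], ts)
        s[2] += 1
    ephemeral = defaultdict(list)
    for fqdn, (first, last, hits) in stats.items():
        # Seen only a couple of times, all within a few minutes.
        if hits <= max_hits and last - first <= max_lifetime:
            ephemeral[registered_domain(fqdn)].append(fqdn)
    return {d: sorted(n) for d, n in ephemeral.items() if len(n) >= min_ephemeral}

def build_sample_log():
    # Constructed sample data; every hostname here is made up.
    log = []
    # Long-lived hosts, queried every hour for a day.
    for t in range(0, 86400, 3600):
        log.append((t, "www.shop-a.example"))
        log.append((t, "www.shop-b.example"))
        log.append((t + 30, "mail.shop-b.example"))
    # Burst of throwaway subdomains under shop-a.example, each seen twice in 2 minutes.
    for i, label in enumerate(["qx7a", "m2vd", "tk9p", "zz41", "b8rw", "hc3n"]):
        start = 40000 + i * 300
        log.append((start, f"{label}.shop-a.example"))
        log.append((start + 120, f"{label}.shop-a.example"))
    # A single benign one-off lookup must not trigger a flag on its own.
    log.append((5000, "status.shop-b.example"))
    return log

if __name__ == "__main__":
    for domain, names in find_shadowed_domains(build_sample_log()).items():
        print(domain, len(names), "ephemeral subdomains:", ", ".join(names))
```

Because each flagged name is already dead by the time a blacklist entry would land, the useful output is the parent domain, whose registrant account is the thing to investigate.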

» SPAMfighter News - 3/10/2015
