Convincing YouTube look-alike fires RIG Exploit Kit

  • 27 August 2014

This is a great article and needs to be read. Not only is there a fake Flash Player error message but a silent drive-by as well in the background.
 
August 25, 2014   |   By Jérôme Segura
 

"The Bait

 


 

The drive-by

 
Those of you familiar with exploit kits will have recognized a landing page for the RIG EK. So as your browser loads the fake YouTube page another one is fetched in the background, triggering an exploitation and infection chain:
[img]https://blog.malwarebytes.org/wp-content/uploads/2014/08/fiddler.png[/img]
In this particular case you are hit with a Silverlight and Flash exploit before the final payload is dropped (VT link)."
 
Full Article

1 reply

Wow, that is sneaky!
