InfoSecurity August 1, 2014
Malware authors are looking for more bang for the buck.
The Fiesta exploit kit has apparently learned a new trick, and is dropping two pieces of malware on unsuspecting victims’ machines.
“A few days ago, we began noticing a strange new pattern with the Fiesta exploit kit. We were getting a double payload where before only one was delivered,” explained Malwarebytes researcher Jerome Segura, in a blog. “So we decided to check our archives and figure out exactly what happened during the last few days.”
Previously, the kit simply used various exploits followed by a single malware drop whose parent process is Java. In the past two days, however, the Java process has started dropping two payloads. Essentially, Fiesta EK is delivering a double payload from a single URL call. Once downloaded, the payload is extracted and produces two executables: Spyware.Zbot.ED and Trojan.Agent.ED.