Fiesta Exploit Kit Starts Delivering a Double Payload


Userlevel 6
InfoSecurity August 1, 2014
 
Malware authors are looking for more bang for the buck.
 
The Fiesta exploit kit has apparently learned a new trick, and is dropping two pieces of malware on unsuspecting victims’ machines.
 
“A few days ago, we began noticing a strange new pattern with the Fiesta exploit kit. We were getting a double payload where before only one was delivered,” explained Malwarebytes researcher Jerome Segura, in a blog. “So we decided to check our archives and figure out exactly what happened during the last few days.”
 
Previously, the kit simply used various exploits followed by a single malware drop, whose parent process is Java. In the past two days however, two payloads have started dropping by the Java process. Essentially, Fiesta EK is delivering a double payload from a single URL call. Once downloaded, it is extracted and gives birth to two executables: the Spyware.Zbot.ED and the Trojan.Agent.ED.
 
Full story
 
 
 
 

0 replies

Be the first to reply!

Reply