Nuclear Exploit Kit
March 25, 2015

BREAKING NEWS!

Fact: Software vulnerabilities are growing, and security gaps should be closed faster.

However, this is not always the case. It is for this reason that cybercriminals seem to be ahead of the game: they find the loopholes and infiltrate the computer systems of unsuspecting users. Think zero-day attacks (see Definition).

Sometimes, security patches from vendors do not keep pace with the frequency of attacks by cybercriminals.

In recent years the most vulnerable 3rd party software has been:

  1. Oracle Java Runtime Environment.
  2. Adobe Acrobat Reader.
  3. Adobe Flash Player / Plugin.
  4. Apple Quicktime.

Nuclear Exploit Kit first appeared in 2009, and like most widely used exploit kits, it has evolved. It is able to deploy a wide range of attacks, including Flash, Silverlight, PDF and Internet Explorer exploits. If that isn’t enough, there is the possibility of launching advanced pieces of malware and ransomware.

Exploit kits are polymorphic (see Definition) in nature, making them the main vehicle for zero-day attacks and software vulnerabilities. Recently, Nuclear implemented an exploit for Adobe Flash Player; fortunately, it was patched last week. If you have not patched your Adobe Flash Player yet, it’s time to do so.

Go here for the security patch update https://helpx.adobe.com/security/products/flash-player/apsb15-05.html.

This exploit delivers malicious code to Windows operating systems that lack the latest security patch from Adobe. What makes this exploit more dangerous is that it delivers not only data-stealing malware, but ransomware too. Ransomware here refers to the various CryptoLocker variants such as TeslaCrypt and CTB-Locker.

How is the Nuclear Exploit Kit deployed? Through drive-by downloads (see Definition) on legitimate websites and in online ads. It is also partly delivered via hijacked GoDaddy domains and via iframe (see Definition) injections embedded in legitimate websites.
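As an added example (not code from the original post or from Heimdal Security), a small stdlib-only Python scanner that flags the kind of hidden or near-invisible iframe an injection like the one described above typically leaves in a legitimate page. The HTML sample and host names are constructed for the demonstration.

```python
from html.parser import HTMLParser
import re

# Constructed sample: a legitimate embed, plus a 1x1 iframe hidden by CSS and
# pushed off-screen, the pattern used to load an exploit-kit landing page silently.
SAMPLE_HTML = """<html><body>
<h1>Shop</h1>
<iframe src="https://video.example-legit.test/embed/42" width="640" height="360"></iframe>
<iframe src="http://ads.example-landing.test/go.php" width="1" height="1"
        style="position:absolute; left:-9999px; visibility:hidden"></iframe>
</body></html>"""

# CSS fragments that make an element invisible or move it off the viewport.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d+", re.I)


def _dim(value):
    """Parse a width/height attribute such as '1', '1px' or '100%' (None if unparsable)."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class IframeScanner(HTMLParser):
    """Collects iframes whose attributes suggest they were meant not to be seen."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        w, h = _dim(a.get("width")), _dim(a.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("tiny dimensions")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append({"src": a.get("src"), "reasons": reasons})


def find_hidden_iframes(html):
    """Return a list of {'src', 'reasons'} for every iframe that looks injected."""
    scanner = IframeScanner()
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_HTML):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Run it over saved copies of your own pages after a deployment or a suspected compromise; a hit is a prompt to compare against the known-good source, since a 1x1 iframe is occasionally legitimate (tracking pixels).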

It has been reported that about 90% of the computers affected were found in Japan. The exploit is mainly distributed online through compromised web pages and Japanese porn websites.

However, you should not be complacent and assume that because a patch has been released you are safe. Cybercriminals are constantly on the prowl, looking for other channels and methods to deploy their attacks, for weaknesses in computer systems, and for unsuspecting victims for their next assault.

Recommendation

  1. Ensure that your Windows operating system and other software are up to date with the latest security patches.
  2. Back up your important documents and files and store them on external media.
  3. Implement a security solution that detects and blocks exploit kits.
  4. Use an anti-spyware solution to block phishing and exploit attempts delivered through malicious emails.
  5. Enable “click-to-play” for plug-ins, which lets you control when Flash Player content loads in the browser. Go here: http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Definition

  1. Zero-day attack – refers to a hole or vulnerability that is as yet unknown to the vendor. This hole is exploited by hackers before the vendor becomes aware of it and fixes it.
  2. Polymorphic – the exploit can be updated, frequently changing the malware downloaded to the victim’s computer.
  3. Drive-by download – a program that is downloaded to your computer without your consent or knowledge. Very likely a malicious program.
  4. IFrame (Inline Frame) – an HTML document that is embedded inside another HTML document on a website. It is often used to insert content from another source, such as an advertisement, into a web page.

Source

  1. Heimdal Security
  2. Slideshare (for image)