Styx Exploit Kit Takes Advantage of Vulnerabilities
Posted by: Tim Tibbetts on 06/26/2013 02:20 PM
Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence of the Styx exploit kit.
The next graph shows the prevalence of this exploit kit in the wild.
Like other exploit kits, Styx covertly redirects users who visit a legitimate website to a malicious landing page that hosts exploit files targeting various vulnerabilities. The redirector link may also arrive via email as part of a spam campaign.
How to prevent this attack:
Blocking the URL patterns we have noted is one efficient way to prevent this attack. The landing page URL patterns change constantly, but the payload URL patterns have remained the same for all malicious domains we have seen.
Although patches are available for known vulnerabilities such as CVE-2013-0422, CVE-2010-0188, etc., this exploit kit still targets these vulnerabilities. McAfee recommends that you install the latest patches for Java and Adobe Reader.
We advise our customers to exercise extra caution when opening unsolicited emails and unknown links.
McAfee products detect these exploits as JS/Exploit-Stykit.
Special thanks to our colleague Bharath M. Narayan for his assistance with this blog.