Exposed: An inside look at the Magnitude Exploit Kit

Steve Ragan | Aug. 6, 2014
Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit's infrastructure.

Finally, one of the more interesting aspects of the FAQ is its note that, before any API automation can take place, the customer must first register the origin IP address the calls will come from. The practice mirrors legitimate commercial ventures: even criminals know to restrict API access by source address in order to protect their infrastructure.
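The article only says that the kit ties API access to a registered origin IP; it shows no code. The following is an added example, written for this page and not taken from the kit or from Trustwave, of how such an origin-IP allowlist is implemented correctly. The customer names, address ranges and proxy network are constructed assumptions. The point a practitioner cares about is the one trap in this control: X-Forwarded-For is client-controlled, so it must only be honoured when the TCP peer is one of your own proxies.

```python
import ipaddress

# Constructed example data (assumptions, not from the kit or the article):
# each customer registers the origin address or range its automation calls from.
ORIGIN_ALLOWLIST = {
    "customer-a": ["203.0.113.10/32"],
    "customer-b": ["198.51.100.0/29"],
}

# Reverse proxies in front of the API. Only these peers are allowed to tell us
# the real client address via X-Forwarded-For; anyone else can set that header
# to whatever they like, so from them it is ignored.
TRUSTED_PROXIES = ["10.0.0.0/24"]


def in_any(ip, cidrs):
    """True if ip parses and lies in one of the CIDR ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address never matches
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def client_ip(peer_ip, xff_header=None, trusted=TRUSTED_PROXIES):
    """Address to authorise.

    If the TCP peer is a trusted proxy, walk X-Forwarded-For from the right
    (the end the proxies appended) past any other trusted hops and return the
    first address we did not add ourselves. Otherwise the peer address is the
    only thing we can believe.
    """
    if xff_header and in_any(peer_ip, trusted):
        hops = [h.strip() for h in xff_header.split(",") if h.strip()]
        for hop in reversed(hops):
            if not in_any(hop, trusted):
                return hop
    return peer_ip


def authorize_api_call(customer, peer_ip, xff_header=None,
                       allowlist=ORIGIN_ALLOWLIST):
    """True only if the derived client address is on the customer's registered list."""
    ranges = allowlist.get(customer)
    if not ranges:
        return False  # unknown customer, or no origin registered yet
    return in_any(client_ip(peer_ip, xff_header), ranges)


if __name__ == "__main__":
    # Direct call from the registered address
    print(authorize_api_call("customer-a", "203.0.113.10"))                # True
    # Caller spoofs X-Forwarded-For but connects directly: header ignored
    print(authorize_api_call("customer-a", "192.0.2.5", "203.0.113.10"))    # False
    # Same header, but arriving through our own proxy: honoured
    print(authorize_api_call("customer-a", "10.0.0.5", "203.0.113.10"))     # True
```

An origin allowlist is a perimeter control, not authentication: it keeps strangers from even reaching the API, but it does nothing once a registered address is itself compromised, which is why it sits beside, not instead of, per-customer credentials.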

Targeted infections on a global scale:

Every Magnitude victim stands to get up to seven different types of malware installed on their system. Sometimes the count is lower, but most campaign managers aim to maximize the return on their investment.

In a single month, Trustwave researchers observed Magnitude attempting to exploit 1.1 million systems, resulting in 210,000 successful infections. Most of the victims were regular home users; however, corporate systems, as well as government systems in the U.S. and Canada, were also included in the victim profile.

There are three main exploits used by Magnitude, so as victims are delivered to the landing page, they are targeted with each of the following until one of them works:

  • CVE-2013-2551 (VML vulnerability in Internet Explorer 6-10)
  • CVE-2013-2643 (Java <= 7.21 and <= 6.45 w/ JNLP click-to-play bypass)
  • CVE-2012-0507 (Java <= 7.2 and <= 6.30)

Overall, the Internet Explorer vulnerability has yielded the most success, with 85 percent of the kit's victims being snared by it.
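Two of the three exploits above are bounded by Java update levels, so the practical question for a defender reading this list is whether a given installed Java falls inside those ranges. The following is an added example, written for this page and not code from Trustwave or from the kit, that parses the version strings Java reports and maps them onto the two ranges exactly as the article states them. The `java -version` sample it parses is constructed. A version outside both ranges is not thereby safe; it is only outside the ranges this article lists.

```python
import re

# Affected version ranges exactly as the article lists them for the two Java
# exploits: CVE -> {major family: highest affected update level}.
AFFECTED_JAVA = {
    "CVE-2013-2643": {7: 21, 6: 45},   # Java <= 7u21 and <= 6u45
    "CVE-2012-0507": {7: 2, 6: 30},    # Java <= 7u2 and <= 6u30
}

# Two spellings seen in practice: the legacy "1.7.0_21" form (optionally with a
# build suffix such as -b11) and the marketing form "7u21".
_LEGACY = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?(?:-\w+)?$")
_MARKETING = re.compile(r"^(\d+)u(\d+)$")


def parse_java_version(s):
    """Return (major family, update level) for a Java version string."""
    s = s.strip().strip('"')
    m = _LEGACY.match(s)
    if m:
        # A bare "1.7.0" with no _NN is the GA release, i.e. update 0
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MARKETING.match(s)
    if m:
        return int(m.group(1)), int(m.group(2))
    raise ValueError("unrecognised Java version string: %r" % s)


def version_from_java_output(text):
    """Pull the quoted version out of the first line of `java -version` output."""
    m = re.search(r'java version "([^"]+)"', text)
    if not m:
        raise ValueError("no java version line found")
    return m.group(1)


def applicable_cves(version_string):
    """Which of the article's two Java CVEs cover this installed version."""
    major, update = parse_java_version(version_string)
    return sorted(cve for cve, ranges in AFFECTED_JAVA.items()
                  if major in ranges and update <= ranges[major])


if __name__ == "__main__":
    # Constructed sample of `java -version` output from a stale workstation
    sample = ('java version "1.6.0_45"\n'
              'Java(TM) SE Runtime Environment (build 1.6.0_45-b06)\n')
    v = version_from_java_output(sample)
    print(v, applicable_cves(v))   # 1.6.0_45 ['CVE-2013-2643']
```

Running this over the output of an inventory tool turns the article's ranges into a concrete list of hosts that the kit's landing page would have a working exploit for, which is more useful for prioritising upgrades than a single "Java is old" flag.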

However, another part of the kit's success comes from the victim profile. While the U.S. was the top location for victims (32,041), it was Iran (30,436) and Vietnam (19,304), followed by Argentina (13,657), India (12,367), and Turkey (11,939), that accounted for a majority of the victim pool.

Many of the locations targeted have Internet users on old systems that rarely, if ever, see software updates. This is especially true of systems in Internet cafes and other public locations.

In the admin panel, there was a recorded success rate of 68 percent in Vietnam, followed by 43 percent in Iran, 32 percent in Argentina, 31 percent in Thailand and Peru, 27 percent in India and Turkey, and 24 percent in Korea, Spain, and Brazil. The U.S., home to the largest number of victims, had a recorded success rate of only nine percent.

So what will it take to get users in developing nations to upgrade? Is it a hopeless situation?

"We tend to see higher infection rates in countries where pirated software is more common as software vendors often provide patches only to those customers with a valid license. It's often therefore not that users don't want to upgrade but are unable to and feel that's a reasonable trade off to get free software," explained Michael Sutton, the VP of Security Research for Zscaler.
