
RIG Exploit Kit

Posted: June 27, 2014

Threat Metric

Ranking: 10,006
Threat Level: 1/10
Infected PCs: 850
First Seen: June 27, 2014
Last Seen: October 16, 2023
OS(es) Affected: Windows


The RIG Exploit Kit is an online threat that uses software exploits, including ones that may take advantage of Netflix users specifically, to install threats onto their computers. Most exploit kit attacks may be modified to include different payloads, but the RIG Exploit Kit in particular is associated with the distribution of ransomware, which encrypts files and attempts to defraud the PC's user. Compromised advertising networks and other websites are the RIG Exploit Kit's main vehicle for distribution, and using anti-script and anti-advertising features, in combination with other PC security solutions, should be adequate protection from its attacks.

The Exploit Kit that Drills into Your Files to Mine Your Wallet

Exploit kits are one of the central and recurring components of the threat industry, doing the humble work of installing threatening software, whether or not the PC user at the other end of the attack has given consent. The RIG Exploit Kit is one of the newest examples of these PC threats, and is currently used to distribute CryptoWall, a file encryptor Trojan that may modify files to make them unusable and then demand a fee before it will return them to normal. Like similar attacks, CryptoWall also may add time pressure by claiming to delete the pertinent information if the victim ignores its deadline for the payment, although malware experts have not verified this behavior.

The RIG Exploit Kit may distribute CryptoWall through compromised advertising networks and especially targets the Silverlight platform, but also may exploit other avenues of attack like Flash or Java. Malware researchers also have seen CryptoWall distributed in attacks that don't use the RIG Exploit Kit, such as one particularly noteworthy case of a Durham police department network whose compromise is traceable to a breach of e-mail safety protocols.

As with all file encryptors and other types of ransomware, paying the associated fee is not the recommended response. Instead, merely using remote backups to restore your files, along with anti-malware tools to delete CryptoWall, should be a sufficient, and much cheaper, solution.

Taking the Exploits out of Your Web Browser Before Trojans Take Money out of Your Wallet

The RIG Exploit Kit's current infrastructure may use a range of different technical defenses against analysis, including piggybacking off of legitimate (but hacked) domains and preventing itself from being repeatedly loaded from the same IP address. However, none of these defenses should prevent the RIG Exploit Kit from being blocked by traditional browser security methods, which should include:

  • Using persistent anti-malware tools that can detect browser-based threats.
  • Using browser settings or add-ons that force any scripts to request permission to launch.
  • Using advertisement-blocking solutions.
  • Updating Java, Flash and other, equally vulnerable products, which will lower the number of exploitable security flaws.

For all of the risk that the RIG Exploit Kit represents to the files on any PC, its attacks are symptomatic of the continued reliance people have on proven means of thwarting security to make a profit. As a result, malware experts continue to advise all readers to use the same forms of protection that would be equally effective against other exploit kit-based attacks.

Technical Details

Additional Information

The following URLs were detected:
https://feed.globalsearchconverter.com/?q=