RIG Exploit Kit
Posted: June 27, 2014
| Ranking: | 10,006 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 850 |
| First Seen: | June 27, 2014 |
| Last Seen: | October 16, 2023 |
| OS(es) Affected: | Windows |
The RIG Exploit Kit is an online threat that uses software exploits, including ones that may take advantage of Netflix users specifically, to install threats onto their computers. Most exploit kit attacks may be modified to include different payloads, but the RIG Exploit Kit particularly is associated with the distribution of ransomware, which encrypts files and attempts to defraud the PC's user. Compromised advertising networks and other websites are the RIG Exploit Kit's main vehicle for distribution, and using anti-script and anti-advertising features, in combination with other PC security solutions, should be adequate protection from its attacks.
The Exploit Kit that Drills into Your Files to Mine Your Wallet
Exploit kits are one of the central and recurring components of the threat industry, doing the humble work of installing threatening software, whether or not the PC user at the other end of the attack has given consent. The RIG Exploit Kit is one of the newest examples of these PC threats, and currently is used to distribute CryptoWall, a file encryptor Trojan that may modify files to make them unusable and then demand a fee before it will return them to normal. Like similar attacks, CryptoWall also may add time pressure by claiming to delete the pertinent information if the victim ignores its deadline for the payment, although malware experts have not verified this behavior.
The RIG Exploit Kit may distribute CryptoWall through compromised advertising networks and especially targets the Silverlight platform, but also may exploit other avenues of attack like Flash or Java. Malware researchers also have seen CryptoWall distributed in attacks that don't use the RIG Exploit Kit, such as one particularly noteworthy case of a Durham police department network whose compromise is traceable to a breach of e-mail safety protocols.
As with all file encryptors and other types of ransomware, paying the associated fee is not the recommended response. Instead, using remote backups to restore your files, along with anti-malware tools to delete CryptoWall, should be a sufficient and much cheaper solution.
Taking the Exploits out of Your Web Browser Before Trojans Take Money out of Your Wallet
The RIG Exploit Kit's current infrastructure may use a range of different technical defenses against analysis, including piggybacking off of legitimate (but hacked) domains and preventing itself from being repeatedly loaded from the same IP address. However, none of these defenses should prevent the RIG Exploit Kit from being blocked by traditional browser security methods, which should include:
- Using persistent anti-malware tools that can detect browser-based threats.
- Using browser settings or add-ons that force any scripts to request permission to launch.
- Using advertisement-blocking solutions.
- Updating Java, Flash and other, equally vulnerable products, which will lower the number of exploitable security flaws.
For all of the risk that the RIG Exploit Kit represents to the files on any PC, its attacks are symptomatic of the continued reliance people have on proven means of thwarting security to make a profit. As a result, malware experts continue to advise all readers to use the same forms of protection that would be equally effective against other exploit kit-based attacks.
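For defenders who review web proxy logs, the delivery pattern described above (Silverlight, Flash or Java content reached through advertising and served from a hacked third-party domain) can be triaged with a short script. This is an added example, not code from the original article; the comma-separated log layout, the function names and every `.example` host are assumptions made for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

# MIME types of the plugin content the article names: Silverlight, Flash, Java.
PLUGIN_TYPES = {
    "application/x-silverlight-app": "Silverlight",
    "application/x-shockwave-flash": "Flash",
    "application/java-archive": "Java",
    "application/x-java-archive": "Java",
}

# Constructed sample log (not real traffic): time, client, URL, content type, referer.
SAMPLE_LOG = """\
2014-06-27T10:00:01Z,10.0.0.5,http://news.example/story,text/html,-
2014-06-27T10:00:02Z,10.0.0.5,http://ads.example/banner.js,application/javascript,http://news.example/story
2014-06-27T10:00:03Z,10.0.0.5,http://hacked-site.example/x/app.xap,application/x-silverlight-app,http://ads.example/frame
2014-06-27T10:05:00Z,10.0.0.9,http://video.example/player.swf,application/x-shockwave-flash,http://video.example/watch
2014-06-27T10:06:00Z,10.0.0.7,http://hacked-site.example/y/a.jar,Application/Java-Archive; q=1,http://ads.example/frame
"""

def host(url):
    """Return the lower-cased host of a URL, or '' for a missing referer ('-')."""
    return (urlsplit(url).hostname or "").lower()

def flag_cross_site_plugin_loads(log_text):
    """Return one finding per plugin object served by a host other than the referring page's."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:                            # skip blank or malformed lines
            continue
        ts, client, url, ctype, referer = row
        mime = ctype.split(";")[0].strip().lower()   # drop parameters, normalise case
        plugin = PLUGIN_TYPES.get(mime)
        served_by, referred_by = host(url), host(referer)
        # A site's own player (same host as the referer) is not flagged.
        if plugin and referred_by and served_by != referred_by:
            findings.append({"time": ts, "client": client, "plugin": plugin,
                             "served_by": served_by, "referred_by": referred_by})
    return findings

if __name__ == "__main__":
    # One hit per client is treated as enough: the kit avoids repeat loads from the same IP.
    for finding in flag_cross_site_plugin_loads(SAMPLE_LOG):
        print(finding)
```

Legitimate sites that serve plugin content from a separate CDN host will also be flagged, so findings are leads for review rather than confirmed infections.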