As a New Year's resolution, hackers seem to have upped the ante in cyber attacks using exploit kits. Security researchers have found increased activity in the use of exploit kits to hijack user activity. As many as 90,000 sites have been confirmed to be affected by the Angler exploit kit. These campaigns focus on using black-hat SEO poisoning to divert search results to infected websites.
Exploit kits are malicious software used by cybercriminals to exploit vulnerabilities in a system. The goal is to create a backdoor so the bad actors can execute arbitrary code. So far, the most prolific exploit kits used since the beginning of this year have been Angler, Neutrino, and RIG. The Angler Exploit Kit stands out among them due to its scope.
Angler is an exploit kit known for its aggressiveness and its ability to go undetected by security software. Researchers at Palo Alto Networks detected over 90,000 compromised websites that have been infected with Angler. Thirty of these compromised sites rank in Alexa’s top 100,000 sites. The exploit kit is available in the underground internet market as “malware-as-a-service”. Its proliferation this year is due in part to its efficiency as an exploit and its user-friendly interface for the average user.
Angler works by infecting a website with the exploit, which then redirects visiting users to domains that inject the malware. The more popular the site, the higher the rate of infection for the malware. Once a user visits the website, the malware will attempt to redirect the user to the domain containing Angler. So far, Angler has three ways to create a redirection: HTTP POST, domain generation algorithms, and HTTP redirects.
The usage of exploit kits has risen by 75 percent since last year; Angler is just the tip of the spear. However, this exploit can infect a broad range of users due to its number of infected sites and its ability to remain undetected. The fact that this exploit has compromised 30 of Alexa’s top sites makes it all the more problematic.