Updated Sundown Exploit Kit Uses Steganography
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Updated Sundown Exploit Kit Uses Steganography | |
|---|---|
| Botnet | |
| Malware | |
| Botnet/malware group | |
| Exploit kits | Sundown |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2016 / 2016-12-29 |
| Editor/Conference | TrendLabs Security Intelligence Blog |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploit-kit-uses-steganography/ (Archive copy) |
| Author | Brooks Li, Joseph C. Chen |
| Type | Blogpost |
Abstract
“ Sundown is something of an outlier from typical exploit kits. It tends to reuse old exploits and doesn’t make an effort to disguise their activity. The URLs for Sundown requests for Flash files end in .swf, while Silverlight requests end in .xap. These are the normal extensions for these file types. Typically, other exploit kits make an effort to hide their exploits. In addition, Sundown doesn’t have the anti-crawling feature used by other exploit kits.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2016BFR5313,
editor = {TrendLabs Security Intelligence Blog},
author = {Brooks Li, Joseph C. Chen},
title = {Updated Sundown Exploit Kit Uses Steganography},
date = {29},
month = Dec,
year = {2016},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploit-kit-uses-steganography/}},
}