Zscaler has identified several compromised websites

Jun 3, 2013 08:30 GMT

Last week, security researchers from Zscaler noticed an increase in the number of compromised websites that distribute malware with the aid of the Red Kit exploit kit.

The security firm reports that cybercriminals have utilized two mechanisms to infect websites such as whitesteeple[dot]com, oute66marathon[dot]com and neptunebenson[dot]com.

One of the methods involves injecting a standard iframe that takes visitors through multiple redirections to a Red Kit landing page. The second method uses SEO techniques to perform HTTP 302 redirections to the malicious landing page.

The exploit kit leverages a Java sandbox bypass vulnerability to push a malicious file that’s designed to stop running if virtual machine or debugging environments are detected.

Once it’s executed, the malware, which is a keylogger Trojan, steals sensitive information from the infected system and sends it back to a remote server.

Currently, only three antivirus solutions are capable of identifying the threat.