Security researchers took a close look at the Magnitude Exploit Kit (EK), a malicious package accounting for a large portion of the exploit kit market share and famous for being used to infect high-profile websites such as Yahoo Ad Network and PHP.net.
Trustwave managed to learn about the inner workings of the threat after examining its administration panel, which revealed a well-oiled crime machine ready to adapt in order to evade attempts from security companies to disrupt its activity.

The control page of the package offered its operators complete information on the infection rates, domain blacklisting, antivirus detection rates for the exploits, self-imposed geo-IP restrictions preventing malware spread, and details about the victims' machines (operating system and web browser used) and country.

Moreover, Trustwave reports that Magnitude’s administration panel also provides the latest news about the EK. For instance, the operators posted that they made the decision to reset statistics twice a week, for security reasons.

At one point, they let other users know that the malware delivery mechanism had been improved and that the infection rate should see an increase.

Magnitude EK relied on just three exploits, one for Internet Explorer 6 through 10, responsible for most infections (85%), and the other two for Java.

Trustwave researchers found that the EK delivered no fewer than seven malware pieces to the victim, allowing its customers to use their own malicious files.

For a better understanding of the efficiency of this exploit kit, it should be said that out of 1.1 million infection attempts, 210,000 machines fell victim. This amounts to a 20% rate of success in a single month, with multiple different threats delivered to the victims' computers.

The operators behind Magnitude did not discriminate and targeted absolutely any machine that could be infected. Trustwave says that “a few hundred of the machines that Magnitude attempted to infect were from government agencies from the US, Canada, UK and several other countries. Also recorded computers from several universities in Australia, Hong Kong, the US and others.”

At the top of the list of countries most affected by Magnitude EK are the United States, France, Iran, and the UK.

In just a few weeks, a total of 211 unique malware samples were distributed by the package and each successful compromise meant that the victim’s computer received five or six of them, sometimes belonging to the same malware family.

Magnitude Exploit Kit was used to deliver all sorts of malware, from info stealers (Alureon, Tepfer, Zeus) to crypto-malware (CryptoWall) and backdoors (Nymaim, Vawtrak, Simda).

Multiple security solutions on the market offer protection against it at the moment.