Visiting popular websites and getting infected without any interaction? ESET explains how the stealthy Stegano exploit kit, hiding in the pixels of malicious ads, is capable of performing this dirty job.
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads
Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit.
Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)
Why you really might prefer to pay for AV security. Free Fall or Free-for-All?
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.
This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are
"Win32/Carberp: When You're in a Black Hole, Stop Digging" aggregates most of our published material on Carberp into a single resource.
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.