
The King is Dead, Long live the King: Angler May Have Disappeared but Neutrino Quickly Fills In

Posted by Michael Gorelik on July 6, 2016 at 10:11 AM

Angler Hangs Up Its Pole

Back in April, more than 80% of drive-by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price wars? But the disappearance closely followed the roundup in Russia of 50 criminals associated with the Lurk banking Trojan attacks, which makes those arrests the most likely cause. In this case, Angler may be off the table for good. Unfortunately, Angler’s apparent demise didn’t slow down cyber criminals for long; they simply switched to Neutrino.

The Return of Neutrino

Neutrino has been around even longer than Angler, first reported in March 2013 by Kafeine on his Malware don't need Coffee blog. While it lacks some of the sophisticated detection evasion mechanisms of Angler, it’s still plenty destructive, especially as a delivery vector for ransomware. Like Angler and many other exploit kits, Neutrino is tied to organized crime groups that operate sophisticated infrastructures, which include everything from malware development to command and control servers. This malware-as-a-service business model means new variants can be applied immediately. The latest reported Neutrino-based attack involved malicious JavaScript code on a popular anime site that redirected visitors to the Neutrino EK. The payload was the revamped CryptXXX ransomware.

Morphisec Against Neutrino

For Morphisec, the payload is irrelevant, as Neutrino never even gets the chance to execute. In the video below, see what a Neutrino attack looks like (without Morphisec), which other security agents block it (spoiler alert – almost none), and how Morphisec quickly tackles the threat.

 


Topics: Attack Analysis
