
Angler May Have Disappeared but Neutrino Quickly Fills In

Posted by Michael Gorelik on July 6, 2016

Angler Hangs Up Its Pole

Back in April, more than 80% of drive-by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price wars? The most likely explanation, though, is the close timing with the roundup in Russia of 50 criminals associated with the Lurk banking Trojan attacks. In this case, Angler may be off the table for good. Unfortunately, Angler’s apparent demise didn’t slow down cyber criminals for long; they simply switched to Neutrino.

The Return of Neutrino

Neutrino has been around even longer than Angler, first reported in March 2013 by Kafeine on his Malware don't need Coffee blog. While it lacks some of the sophisticated detection evasion mechanisms of Angler, it’s still plenty destructive, especially as a delivery vector for ransomware. Like Angler and many other exploit kits, Neutrino is tied to organized crime groups that operate sophisticated infrastructures which include everything from malware development to command and control servers. This malware-as-a-service business model means new variants can be applied immediately. The latest reported Neutrino-based attack involved malicious JavaScript code on a popular anime site that redirected visitors to the Neutrino EK. The payload was the revamped CryptXXX ransomware.

Morphisec Against Neutrino

For Morphisec, the payload is irrelevant, as Neutrino never even gets the chance to execute. In the video below, see what a Neutrino attack looks like (without Morphisec), which other security agents block it (spoiler alert – almost none), and how Morphisec quickly tackles the threat.

 
