Posted by Michael Gorelik on September 26, 2017


This report was authored by: Michael Gorelik and Assaf Kachlon.

Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a drive-by-download attack that uses a modified version of the old (in hacker time) favorite, the RIG exploit kit.

First appearing in 2014, RIG generally uses gates to redirect victims from a compromised website to a landing page that hosts the EK, which exploits vulnerabilities in JavaScript, Flash and VBScript in the infection chain.

Over the past 10 days, Morphisec's Threat Prevention Solution stopped a modified RIG exploit kit distributed to a large number of customers in a major drive-by download campaign. Upon customer notification about the web-borne attack, we immediately identified the type of exploit kit and the delivered exploits. We reported the abuse of the registered domains to Freenom.com, the domain registration entity.

Posted by Michael Gorelik on September 18, 2017


As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers to establish a backdoor to the hackers’ server. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner cloud version 1.07 was affected. Morphisec was first to uncover the CCleaner backdoor and notify Avast.

Morphisec identified and prevented malicious CCleaner.exe installations on August 20 and 21, 2017 at customer sites. On September 11, 2017, some customers shared their logs of the prevented attacks with Morphisec, which our team immediately started to investigate.

Posted by Michael Gorelik on January 13, 2016

The recent discovery of vulnerabilities in antivirus software by enSilo sparked curiosity among the Morphisec Labs team. After a long deep dive and to our surprise, our research found that the vulnerability wasn’t an unintentional flaw in the code, it was a feature! Here is how it works.

Posted by Michael Gorelik on October 1, 2015

One of our favorite things to do is to reproduce exploits in our research labs. We do this for two main reasons: first, because we are naturally curious, and second, to constantly ensure that our solution prevents these exploits natively (spoiler: it does ;).
