Rise of the Exploit Kit, Part 2

In part one of our “Rise of the Exploit Kit” I explained what these are and why they are so dangerous. This new form of malware isn't what we would consider a legacy virus. It works differently and therefore usually isn't detected by anti-virus suites. In this article, I will give you tips on how to protect yourself from this dangerous drive-by code.

FreeImages.com/Bartek Ambrozik

When you visit a high traffic site like The Weather Channel or MSN, there are ads that  run within the page you are visiting. These exploit kits hide in those ads and silently redirect users to a hidden landing page where their system is scanned. What is the EK looking for? It is wanting to know what kind of security your system has. Is it up to date? Do you have vulnerable software like Internet Explorer or Adobe Flash? It searches for any and all security holes your system may have. 
It then takes the information it has gathered and decides which malware to deliver to your system. Everything else is downhill from there.

A Recent Exploit Attack in Social Buttons

Some have described the EK as being the weapon that delivers the damaging ammo to a system. One of the more recent attacks we have seen is the hiding of the Angler EK in fake social button widgets. Website owners who use these compromised or fake widgets unknowingly place an infection point right on their site. Visitors who click on the compromised social “like” button are secretly redirected to a landing page where their system is scanned and infected.

Some of the most vulnerable software includes the following: Internet Explorer, Adobe Flash, Silverlight, Adobe Reader, and Java. Think of how many of you have one or more of these programs currently on your computer. What is a person to do?

Here are some tips to start with:

  • Keep your computer and anti-virus software up to date. 
  • Use browser add-ons that can block Flash or disable scripts. (such as NoScript)
  • Layer your protection with anti-virus and anti-malware. Yes, you need both. 
  • You may also want to use an anti-exploit software to round everything out.

It's no longer enough to stay away from shady websites or staying away from free downloads. You now need to be vigilant about what your system is doing behind the scenes. The only way to be sure is to install and maintain quality anti-virus and anti-malware protection. Right now the only strong anti-exploit software that I can recommend is Malwarebytes Anti-Exploit. You can try it out with their free trial. After that, it is $25 per year. Well worth some peace of mind.

Breaking News:

In December, Malwarebytes announced the launch of their next-generation product, Malwarebytes 3.0. This is a combination of their Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all in one service. With this new product, you can replace your traditional antivirus. However, if you choose to use a third-party antivirus alongside Malwarebytes 3.0, they will complement each other.

If you are already a customer of Malwarebytes, you will be upgraded for free to the new product.

Malwarebytes 3.0 is the next-gen security program that protects you from the most advanced (zero-day) threats, making antivirus obsolete.The new price for Malwarebytes 3.0 is $39.99/year for 1 PC.

If you sign up for Malwarebytes Anti-Exploit using this link, you'll begin protecting your computer from the myriad of exploit kits that are loose on the Internet and we will receive a small commission that helps to support this website. Thank you in advance.

Return to Security

Return to HOME