Best Security Search

Sundown Exploit Kit Updated

Criminals have updated the Sundown exploit kit to hide its exploit code in image files using steganography. Continue reading to learn more about the threat.

The Sundown Exploit Kit Now Features Steganography

Security researchers have uncovered updated variants of the notorious Sundown exploit kit, which is used to deliver a variety of malware and ransomware to chosen targets. Sundown drew attention in September 2016, when it began delivering the CryLocker ransomware and other dangerous payloads. CryLocker was unusual in that it packed the information harvested from a compromised system into PNG image files; the images were then uploaded to an Imgur album, where the operators could retrieve them while the traffic looked like ordinary image uploads. That steganography technique was the hallmark of the CryLocker infection routine, and the Sundown exploit kit itself now has the capability built in.

The new versions of the hacking tool were discovered in samples captured on December 27, 2016. In these iterations the PNG images are used not only to store harvested information but also to carry the exploit code itself. Sundown has been used in multiple campaigns distributing different malware families; according to the published statistics the most affected countries were France, Japan and Canada.

A detailed analysis of the code showed that the kit exploits CVE-2015-2419, a memory-corruption vulnerability in the Internet Explorer JScript engine triggered by malformed JavaScript. The updated kit also carries an exploit for CVE-2016-4117, a vulnerability in Adobe Flash Player, and the landing page itself exploits a further Internet Explorer scripting-engine bug, CVE-2016-0189.

One of the payloads delivered by the kit is the banking Trojan Chthonic, a variant of the infamous Zeus malware.

The Sundown Exploit Kit used the following domains and matching IP addresses in the analyzed attacks:

xbs.q30.biz (188.165.163.228)
cjf.0340.mobi (93.190.143.211)

Why Has The Sundown Exploit Kit Adopted Steganography?

Steganography is one of the most widely used and effective measures for keeping malware payloads away from detection. It relies on the fact that many ordinary file types can carry arbitrary binary data, whether stolen information or executable code, inside a container that users open every day without suspicion. Photo, video and audio files are the usual choice: the file still opens and renders normally, so neither the user nor a simple file-type check notices the embedded code.
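To make the point concrete for both the PNG-carrier technique described above and the reason it evades simple checks, here is an added example that is not code from the original article, from Trend Micro, or from the exploit kit itself. It assumes the simplest possible encoding, script text stored directly as the bytes of an 8-bit grayscale image; the kit's actual encoding is not documented on this page. The script fragment, the marker list and the `build_png_carrier` / `scan_png_for_script` helpers are all constructed for illustration.

```python
import struct
import zlib

# Constructed sample: a harmless placeholder standing in for exploit code.
# The URL is a non-routable example host, not an indicator from the article.
PAYLOAD = b"<script>var p='http://example.invalid/stage2';eval(p);</script>"

# Markers a defender might look for once the pixel data has been decoded.
SCRIPT_MARKERS = (b"<script", b"eval(", b"unescape(", b"<object", b"ActiveXObject")

_CHANNELS = {0: 1, 2: 3, 4: 2, 6: 4}  # colour type -> bytes per 8-bit pixel


def _chunk(ctype, data):
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def build_png_carrier(payload, width=32):
    """Build a fully valid 8-bit grayscale PNG whose raw scanline bytes are `payload`.

    Every chunk has a correct CRC, so the file passes signature and integrity
    checks and renders as a noisy grey image; only decoding the pixels reveals it.
    """
    rows = [payload[i:i + width].ljust(width, b"\x00") for i in range(0, len(payload), width)]
    raw = b"".join(b"\x00" + row for row in rows)  # filter type 0 (None) per scanline
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 0, 0, 0, 0)  # 8-bit, grayscale
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def parse_png(data):
    """Walk the chunk list, verify CRCs, return (IHDR fields, inflated IDAT stream)."""
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, ihdr, idat = 8, None, []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        if ctype == b"IHDR":
            ihdr = struct.unpack(">IIBBBBB", body)
        elif ctype == b"IDAT":
            idat.append(body)
        elif ctype == b"IEND":
            break
        pos += 12 + length
    if ihdr is None:
        raise ValueError("missing IHDR")
    return ihdr, zlib.decompress(b"".join(idat))


def unfilter(ihdr, stream):
    """Reverse the per-scanline PNG filters (None/Sub/Up/Average/Paeth) for 8-bit images."""
    width, height, depth, ctype = ihdr[:4]
    if depth != 8 or ctype not in _CHANNELS:
        raise ValueError("example handles 8-bit non-palette images only")
    bpp = _CHANNELS[ctype]
    stride = width * bpp
    prev, out, pos = bytearray(stride), bytearray(), 0
    for _ in range(height):
        ftype = stream[pos]
        line = bytearray(stream[pos + 1:pos + 1 + stride])
        pos += 1 + stride
        for i in range(stride):
            a = line[i - bpp] if i >= bpp else 0   # left neighbour (already reconstructed)
            b = prev[i]                             # pixel above
            c = prev[i - bpp] if i >= bpp else 0    # upper-left
            if ftype == 1:
                line[i] = (line[i] + a) & 0xFF
            elif ftype == 2:
                line[i] = (line[i] + b) & 0xFF
            elif ftype == 3:
                line[i] = (line[i] + (a + b) // 2) & 0xFF
            elif ftype == 4:
                p = a + b - c
                pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
                pred = a if pa <= pb and pa <= pc else (b if pb <= pc else c)
                line[i] = (line[i] + pred) & 0xFF
        out += line
        prev = line
    return bytes(out)


def carrier_pixels(data):
    """Return the decoded pixel bytes of a PNG, i.e. what a landing page's decoder would read."""
    ihdr, stream = parse_png(data)
    return unfilter(ihdr, stream)


def scan_png_for_script(data):
    """Report which script-like markers appear in the decoded pixel data of a PNG."""
    pixels = carrier_pixels(data)
    return [m.decode() for m in SCRIPT_MARKERS if m in pixels]


if __name__ == "__main__":
    print("carrier:", scan_png_for_script(build_png_carrier(PAYLOAD)))
    print("benign :", scan_png_for_script(build_png_carrier(bytes(range(256)) * 4)))
```

The point of the example is the asymmetry: the carrier is a structurally perfect PNG, so magic-byte checks, CRC validation and even opening it in a viewer all succeed, and the only way to see the payload is to do what the landing page's decoder does and read the pixel bytes back. A real kit can choose any encoding of the bytes into pixels, so a marker scan like this one is a starting point for triage, not a general detector; treating PNGs fetched from exploit-kit infrastructure as code rather than as images is the durable lesson.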

You can protect yourself from the exploit kit and its payloads by keeping Internet Explorer and Adobe Flash Player patched against the vulnerabilities listed above and by using a trusted anti-malware tool that can scan your computer, remove existing threats and block future ones.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.