New RIG 3.0 Malware infected over a million users in last 6 weeks

The RIG crimeware kit received a major upgrade in the last few weeks. Infecting about 27,000 victims a day, the new kit is partially utilizing vulnerabilities in Flash made public with the HackingTeam document exposures.

RIG itself needed to be updated after its source code was released by a disgruntled reseller of of toolkit. The new kit is targeting 3 vulnerabilities. CVE-2015-5122 for Adobe Flash, CVE-2014-6332 for Windows OLE and CVE-2013-2551 and attack on IE 6 through IE 10.

Most of the identified victims are outside the US, with Brazil and Vietnam having over 300,000 victims each. According to data provided by Trustwave, over 90% of those infected were via malicious ads. However, there were a number of attackers running the crimeware, with occasional overlap in the targets they were going after.

DarkReading

Leave a Reply