The RIG crimeware kit received a major upgrade in the last few weeks. Infecting about 27,000 victims a day, the new kit is partially utilizing vulnerabilities in Flash made public with the HackingTeam document exposures.
RIG itself needed to be updated after its source code was released by a disgruntled reseller of of toolkit. The new kit is targeting 3 vulnerabilities. CVE-2015-5122 for Adobe Flash, CVE-2014-6332 for Windows OLE and CVE-2013-2551 and attack on IE 6 through IE 10.
Most of the identified victims are outside the US, with Brazil and Vietnam having over 300,000 victims each. According to data provided by Trustwave, over 90% of those infected were via malicious ads. However, there were a number of attackers running the crimeware, with occasional overlap in the targets they were going after.