RIG Exploit Kit

Posted: June 27, 2014

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	10,006
Threat Level:	1/10
Infected PCs:	850

First Seen:	June 27, 2014
Last Seen:	October 16, 2023
OS(es) Affected:	Windows

The RIG Exploit Kit is an online threat that uses software exploits, including ones that may take advantage of Netflix users specifically, to install threats onto their computers. Most exploit kit attacks may be modified to include different payloads, but the RIG Exploit Kit particularly is associated with the distribution of ransomware, which encrypts files and attempts to defraud the PC's user. Compromised advertising networks and other websites are the RIG Exploit Kit's main vehicle for distribution, and using anti-script and anti-advertising features, in combination with other PC security solutions, should be adequate protection from its attacks.

The Exploit Kit that Drills into Your Files to Mine Your Wallet

Exploit kits are one of the central and recurring components of the threat industry, doing the humble work of installing threatening software, whether or not the PC user at the other end of the attack has given his consent. The RIG Exploit Kit is one of the newest examples of these PC threats, and currently is used to distribute CryptoWall, a file encryptor Trojan that may modify files to make them unusable and then demands a fee before it will return them to normal. Like similar attacks, Cryptowall also may add time pressure by claiming to delete the pertinent information if the victim ignores its deadline for the payment, although malware experts have not verified this behavior.

The RIG Exploit Kit may distribute Cryptowall through compromised advertising networks and especially targets the Silverlight platform, but also may exploit other avenues of attack like Flash or Java. Malware researchers also have seen Cryptowall distributed in attacks that don't use the RIG Exploit Kit, such as one particularly noteworthy case of a Durham police department network whose compromise is traceable to a breach of e-mail safety protocols.

As with all file encryptors and other types of ransomware, paying the associated fee is not the recommended response. Instead, merely using remote backups to restore your files, along with anti-malware tools to delete Cryptowall, should be a sufficient – and much cheaper than otherwise – solution.

Taking the Exploits out of Your Web Browser Before Trojans Take Money out of Your Wallet

The RIG Exploit Kit's current infrastructure may use a range of different technical defenses against analysis, including piggybacking off of legitimate (but hacked) domains and preventing itself from being repeatedly loaded from the same IP address. However, none of these defenses should prevent the RIG Exploit Kit from being blocked by traditional browser security methods, which should include:

Using persistent anti-malware tools that can detect browser-based threats.
Using browser settings or add-ons that force any scripts to request permission to launch.
Using advertisement-blocking solutions.
Updating Java, Flash and other, equally vulnerable products, which will lower the amount of exploitable security flaws.

For all of the risk that the RIG Exploit Kit represents to the files on any PC, its attacks are symptomatic of the continued reliance people have on proven means of thwarting security to make a profit. As a result, malware experts continue to advise all readers to use the same forms of protection that would be equally effective against other exploit kit-based attacks.

Technical Details

Additional Information

The following URL's were detected:

https://feed.globalsearchconverter.com/?q=