Stamp EK Exploit Kit

Posted: February 12, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 48
First Seen: February 12, 2013
OS(es) Affected: Windows

One of the latest links in the chain of Reveton ransomware attacks has been identified: Stamp EK Exploit Kit, an online exploit package that uses drive-by downloads to install Reveton Trojans as soon as a vulnerable browser loads its website. Links to these sites have recently been spammed throughout Sourceforge.net and Github.com, allowing for widespread distribution of the Stamp EK Exploit Kit among their user bases. If you frequent either one of these sites or have any other reason to think your PC may have suffered from a Stamp EK Exploit Kit attack, SpywareRemove.com malware experts recommend the usual methods of disinfection: booting into Safe Mode and then using your anti-malware software to remove all threats related to the Stamp EK Exploit Kit.

How the Stamp EK Exploit Kit Puts Its Stamp on You

Similar to the Whitehole Exploit Kit, NuclearPack Exploit Kit, Cool Exploit Kit, Phoenix Exploit Kit or the particularly memorable Blackhole Exploit Kit, the Stamp EK Exploit Kit is a web-hosted package of exploits for software vulnerabilities that may be abused to install malware onto your computer. Current payloads for the Stamp EK Exploit Kit use ransomware Trojans from the Reveton family, but a Stamp EK Exploit Kit can just as easily install other forms of harmful software.

The initial contact with Stamp EK Exploit Kit is promoted by spam links that are disguised as erotic photographs and distributed on normally safe sites. Clicking on these links will send your browser to either a fake YouTube web page or a fake pornographic media site, both of which host Stamp EK Exploit Kit. SpywareRemove.com malware analysts warn that unless the Stamp EK Exploit Kit is blocked by anti-malware software or your web browser's security settings, the Stamp EK Exploit Kit will load automatically and proceed to detect vulnerabilities that can be used to install a variant of Reveton (sometimes referred to as the well-known Ukash Virus).

Rubbing the Mark of the Stamp EK Exploit Kit's Faux-Police Off of Your Screen

The Stamp EK Exploit Kit's payload Reveton is noteworthy for its heavy distribution throughout first-world regions like Europe. Symptoms of a Reveton infection usually include desktop-blocking fake police alerts, illegal ransom requests through voucher systems, disabled security programs and possible browser hijacks. While SpywareRemove.com malware experts note that the Stamp EK Exploit Kit is a web page-based PC threat that doesn't need to be removed from your computer, malware that's installed by the Stamp EK Exploit Kit should be considered highly dangerous and must be removed as quickly as possible.

Since ransomware like that installed by the Stamp EK Exploit Kit usually will try to block anti-malware programs that can remove it, you may need to disable the Stamp EK Exploit Kit's payload before anything else is done. Both Safe Mode (an alternative system boot feature for Windows) and booting your computer from a separate OS (such as one that's loaded onto any USB drive) can fulfill this requirement. SpywareRemove.com malware experts especially warn against paying the fines that the Stamp EK Exploit Kit's Trojans levy against your computer, since these fees don't have any legal authority behind them and, even if they're paid, will not help your computer.
