
Fallout Exploit Kit

Posted: October 31, 2018

The Fallout Exploit Kit is a package of exploits and scripts that runs through your Web browser. Current attacks abuse compromised advertising networks and exploits for patchable vulnerabilities to infect your PC, along with a variety of pseudo-consensual software-downloading tactics. Users can disable the features noted in this article, update their other software, and install browser security products to block this threat's attacks. Always scan your PC after any suspected contact with an EK to remove both the Fallout Exploit Kit's remaining components and any threatening programs that it may install.

Your PC's Daily Dose of Radiation Poisoning

While law enforcement around the world has been actively fighting the threat actors whose campaigns are responsible for many of the most notorious EKs, or exploit kits, not every criminal using that browser-based infection strategy is behind bars. Japanese PC security researchers at Nao_sec are offering initial analyses of a new EK campaign that uses a flexible combination of techniques to attack its victims. As with many similar drive-by-download attacks from elsewhere, malware experts note that simply installing security updates will provide substantial protection from the new Fallout Exploit Kit.

The Fallout Exploit Kit isn't Japan-specific and, besides targeting most of Asia, is also active in some parts of Europe and the Middle East. Compromised advertising Web content delivers the redirects to its page. Once the user's browser loads the site, the Fallout Exploit Kit may take one of several actions, of which malware experts highlight the following:

  • Preferentially, the Fallout Exploit Kit attacks your PC using a remote code execution vulnerability through VBScript. This attack isn't a 'zero-day' exploit and has been fixable with a Microsoft patch since May of 2018.
  • If that flaw is no longer present or the user has disabled VBScript, the Fallout Exploit Kit has a fallback plan: a second vulnerability in Adobe's Flash (which is also patchable).
  • The EK also supports a third 'solution.' If no exploitable vulnerability is in evidence, the Fallout Exploit Kit merely redirects the user to a fake download page for an update to Adobe's Flash Player or an anti-virus program. This social engineering tactic tricks users into downloading the payload themselves.

Like every other exploit kit, the Fallout Exploit Kit can drop multiple threats on an exposed PC and is a facilitator of further attacks and security breaches.

Finding Safe Shelter from a Fallout Exploit Kit

Out of the many possibilities for its payload, malware experts have verified that the Fallout Exploit Kit distributes members of the GandCrab Ransomware family, miscellaneous Trojan downloaders, and PUPs (Potentially Unwanted Programs, such as adware and unwanted browser extensions). File-locker Trojans like the GandCrab Ransomware (which undergoes revisions, up to version GandCrab4 Ransomware) can indiscriminately block files on a PC and on network-accessible drives and devices, and may make retrieving that media impossible. Additional security issues should be considered on a case-by-case basis as your security software detects the threats in question.

Windows users should install any missing Microsoft patches to guarantee that the first vulnerability in a Fallout Exploit Kit attack is unusable, and either update or disable Flash, in turn. Typical routines for avoiding download-based tactics can protect Web surfers from software that pretends to be from a well-known brand while using a non-official website, or that otherwise pretends to be something that it isn't. Most anti-malware programs provide various levels of protection against drive-by-downloads and can automatically delete the Fallout Exploit Kit's payloads and any associated Web-browsing files.
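
The following PowerShell audit is an added example, not part of the original article or any vendor's tooling. It only reads settings and reports whether VBScript is disabled in Internet Explorer's Internet and Restricted Sites zones and whether the Flash ActiveX control is installed or blocked; the registry locations, the 140C URL action, the Flash CLSID and the 0x400 kill bit are assumptions about how those two mitigations are normally applied on Windows.

```powershell
# Added example: read-only audit of the hardening steps named above.
# Assumptions: URL action 140C (value 3 = disabled) governs VBScript in IE zones;
# the CLSID below is the Flash ActiveX control; 0x400 is the ActiveX kill bit.
$ZoneRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)
$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'

function Get-VbScriptZoneSetting {
    # Report every location where 140C is set for the Internet (3) and Restricted (4) zones.
    foreach ($zone in 3, 4) {
        foreach ($root in $ZoneRoots) {
            $key  = Join-Path $root "$zone"
            $prop = Get-ItemProperty -Path $key -Name '140C' -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Zone     = $zone
                Key      = $key
                Value    = if ($prop) { $prop.'140C' } else { 'not set' }
                Disabled = [bool]($prop -and $prop.'140C' -eq 3)
            }
        }
    }
}

function Get-FlashActiveXState {
    # Flash ships as .ocx files under Macromed\Flash; the kill bit stops IE from loading it.
    $files = foreach ($dir in 'System32', 'SysWOW64') {
        Get-ChildItem -Path (Join-Path $env:WINDIR "$dir\Macromed\Flash") -Filter '*.ocx' -ErrorAction SilentlyContinue
    }
    $compat = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid"
    $flags  = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Installed  = [bool]$files
        Versions   = @($files | ForEach-Object { $_.VersionInfo.FileVersion })
        KillBitSet = [bool]($flags -band 0x400)
    }
}

Get-VbScriptZoneSetting | Format-Table -AutoSize
Get-FlashActiveXState   | Format-List
```

A 'not set' row means the operating system default applies for that location. On 64-bit systems a WOW6432Node copy of the ActiveX Compatibility key also exists, which this sketch does not read.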

With three ways of harming individuals around the planet, the Fallout Exploit Kit has widely-applicable options for adjusting its strategies for different targets. While some versions include self-terminating defenses for avoiding machines used for security analysis, most users should do more than hope that this EK will mistake them for cyber-security researchers.
