Terror Exploit Kit

new Exploit kit (EK) has been identified delivering a crypto-currency miner payload. The Terror EK stands out of the crowd because it is believed to be developed by a single person.

Threat ID:: CC-1307
Category:
Threat Severity:: Medium
Threat Vector:: Drive by download
Published:: 5 April 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

new Exploit kit (EK) has been identified delivering a crypto-currency miner payload. The Terror EK stands out of the crowd because it is believed to be developed by a single person.

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows - all versions

Threat details

The new EK is capable of exploiting eight vulnerabilities in Internet Explorer, Adobe Flash and Mozilla Firefox. The exploits are a combination of Metasploit exploits and borrowed exploits from the Sundown and Hunter EKs. A publically available Hacking Team Flash exploit is also part of the kit.

It is believed that the author used source code from the Sundown EK which has also delivered crypto-currency miners in the past. At the time of publication there is no decryption service available.

Remediation advice

For an organisation to be in the best possible position to protect itself from the Exploit Kit, it should consider:

Remediation steps

Type	Step
	Ensure all software is kept up-to-date, including application of regular monthly patches The use of a robust security solution including the use of an intrusion detection and intrusion prevention system Up-to-date anti-virus software providing the latest malware signatures Educating staff on the dangers of clicking on banners

Last edited: 17 February 2020 11:40 am