The first two questions about malware are impossible to quickly answer in regards to exploit kits – and this is more than an IT communication problem. “What does it do?” is the first question most people have about any new type of malware.
That’s logical. Who would NOT want to know about the risks from any malware encrypting your device or spewing private data everywhere in cyberspace? But, that’s not a great question to ask regarding exploit kits.
“Exploit kits usually do nothing to directly damage your device,” is the partial answer.
That’s reassuring. So am I vulnerable?
“Maybe yes, maybe not so much – it really depends,” is the answer.
So it does not damage my device and my vulnerability is variable…
…what’s the big deal with them?
“They know a LOT of other malware that can seriously mess up your device,” reads the rest of the response. “Your vulnerability partially depends on how updated your device is – you know, those really irritating reminders about Adobe Flash, Java, Silverlight, and more which you have ignored.”
Yes, exploit kits are bad news all around. While some might call them MASS or Malware-as-a-service, you could also just call them an outsourced shopping list for the bad guys. It works pretty much the way you would use a shopping list to find bargains at the supermarket.
Each exploit kit comes with a long shopping list of known and unknown vulnerabilities. Just like you pull out the list when stepping into the store, once they get in a device, they quickly scan it for any potential vulnerabilities on their list. This could be the latest zero-day vulnerability or just unpatched software. In fact, the Rig exploit kit looks for around six different vulnerabilities – and it does this within a few seconds.
When the exploit kit finds such a vulnerability, it springs into action and makes an announcement back to its managers: “Customer service, requesting malware for unpatched app on aisle 12” – then the bad guys send in the selected code from their servers.
Customer service is really important for exploit kits because they involve two layers of bad guys. First, there are the people that actually write the kits. Second, there are the non-techie bad guys that rent the exploit kits. And this second group really appreciates – and needs – customer service to customize the exploit kit according to their needs. This personalized level of service makes a weaponized exploit kit flexible, readily available, and dangerous.
People pick up exploit kits when they do normal internet activities — click on malvertising, go to hacked websites, or simply open an infected file.
There are three top defenses against exploit kits
- Have an antivirus that IDs and stops infected websites.
- Use an ad blocker to shut out potentially infected ads.
- Keep your apps current with a software updater such as the Avira Free Software Updater.
With these three on your side, you have layered protection against exploit kits. After all, you should do the shopping – don’t let the bad guys take you to the checkout counter.
By: Lyle Frink