The exploit kit (EK) landscape appears to have lost another major player, with unconfirmed rumors that the Neutrino exploit kit has shut down, or at least moved to a private client without being available on the "for-hire" market.
French security researcher Kaffeine published today a message exchanged in the criminal underground. The text reads "we are closed. no new rents, no extends more," and is a Jabber message sent by the Neutrino EK author to a third party.
The date of the message is September 9. Banners advertising the Neutrino exploit kit have disappeared from underground hacking forums around September 16.
Neutrino has been losing clients to RIG for the past month
Malicious traffic campaigns that redirected users to the Neutrino EK didn't stop all of a sudden after that message but slowly switched to the RIG exploit kit during the past month. Security firms like Malwarebytes, Heimdal Security, and Malware Traffic Analysis noted a slowdown in Neutrino activity this past month.
Kaffeine says that after October 1, except for two campaigns, the Neutrino exploit kit is all but gone.
At the end of August, a joint Cisco and GoDaddy operation shut down a large number of malvertising campaigns running on the Neutrino EK.
The gang behind Neutrino either got spooked because their operation was tracked down or has lost a great deal of credibility in the underground market.
Based on the message Kaffeine discovered, it appears the first theory might be more realistic, with the Neutrino gang slowly retreating from the market, afraid they might get too exposed and then arrested.
Read more: http://news.softpedia.com/news/neutrino-exploit-kit-activity-slows-down-to-a-trickle-508861.shtml
Related: https://blog.malwarebytes.com/threa...7/a-look-into-some-rig-exploit-kit-campaigns/