- Content source
- http://malware.dontneedcoffee.com/2014/09/astrum-ek.html
I was chasing something else (the Kovter adfraud's Sweet Orange thread - Kovter is not a ransomware anymore (since at least march 2014)) when I received bullets from an undocumented "weapon" : an exploit kit that seems to be private (for now?) and based on the infection path (between an Adxpansion badvert on a porn website and the https goo.gl link to the landing ) in use by a group that was traffing to Reveton team's EK threads (so via Cool then Angler EK) :
