Most people are interested in working with a cloud business model nowadays, even malware programmers. Rather than selling a security exploit once, malware authors now sell malware as a cloud-based service, which means they make money each time someone pays to rent it. Exploit kits (EKs) have been very effective at infecting end users. There are many EKs in the Malware-as-a-Service market, and Nuclear EK has been one of them since 2010.
“Developers create tools that they sell or rent to customers through online black markets, complete with sales, money-back guarantees, and reputation systems to provide customers with assurances that they won’t get ripped off,” reads the 2016 Trustwave Global Security Report.
Check Point reports that it has found 15 active control panels for Nuclear, which are rented for a few thousand dollars per month. It is estimated that the creators of the Nuclear EK are earning nearly 100K USD each month.
The authors of the code check the country from which the victim is browsing; the kit does not run for victims in Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, and Ukraine. This is most probably to avoid problems with the law in these countries.
Despite the kit not running in these countries, Check Point statistics say that 1,846,678 machines were attacked and 184,568 machines were successfully exploited, a success rate of nearly 10%. As you can see in the graph below presenting the successful infection rate per browser, the browser with the highest percentage of success is Internet Explorer Version 8.
According to the report, Europe and the US are the main targets. Although many banking trojans are distributed by the exploit kit, the number of ransomware infections is nearly three times that of banking trojan infections.
Studies made by Bitdefender show us that;
Written by: Süleyman Petek
Süleyman Petek is an application security guy who also loves to write code.
He has worked on enterprise-level projects since 2005 as a developer, as a scrum master and also as a software architect.
He lives in Istanbul, Turkey, and tries to keep his weblogs alive at www.suleymanpetek.com