This post was authored by Nick Biasini, with contributions by Joel Esler
Exploit kits are one of the biggest threats affecting users, both inside and outside the enterprise, because they compromise indiscriminately: simply visiting a web site is enough for a kit to deliver a malicious payload. One of the challenges with exploit kits is that at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around, delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back in November of 2013. Back then we referred to it as Goon; today it’s known as RIG.
We started focusing on RIG and found some interesting data similar to what we found while analyzing Angler. This post will discuss RIG, findings in the data, and what actions were taken as a result.
The Exploit Kit Overview
RIG compromises users like any exploit kit. It starts with a user being redirected to a landing page. This is done via malicious iframes or malvertising and looks similar to the following:
It begins with an initial link to a javascript:
Very informative as usual, and as a bonus will set up my DNS at home to use OpenDNS. 🙂
Thanks
I did not know about the threat from rigging until reading this article. Good information to try and stay safer while surfing the web.
Guess that’s why most workplaces disallow surfing the web with browsers. What a shame. But productive!
Great article and thanks for the information!