In August, FireEye discovered a new exploit kit (EK) being used in a malicious campaign aimed at users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia-Pacific region.
The activity was first seen on August 24, 2018, on the domain name Finalcountdown. The Tokyo-based researchers "Nao_sec" discovered an instance of this activity on August 29, and in their blog post they named the kit the Fallout Exploit Kit. FireEye observed other regions and payloads related to the activity. Besides the SmokeLoader distributed in Japan, they also observed GandCrab ransomware being distributed in the Middle East.
Fallout EK fingerprints the user's browser profile and delivers malicious content only if that profile matches a target the kit is interested in. On a successful match, the user is redirected from a genuine advertiser page, through multiple 302 redirects, to the exploit kit's landing page URL. The complete chain, from the legitimate domain through the cushion domains to the exploit kit landing page, is shown in Figure 1.
The main ad page prefetches the cushion domain links while loading the advertisement and, when JavaScript is disabled in the browser, uses a <noscript> tag to load a separate link.
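The redirect chain described above (an advertiser page, several 302 hops through cushion domains, then a landing page) can be hunted for in web proxy logs. The following is an added example, not code from FireEye or Nao_sec; the log layout, the host names and both thresholds are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, requested URL, HTTP status, Location header).
# All hosts are placeholders under .example / .test, not indicators from the campaign.
SAMPLE_LOG = [
    ("10.0.0.5", "http://news.example/story", 200, None),
    ("10.0.0.5", "http://ads.advertiser.example/slot?id=7", 302, "http://c1.cushion.test/r"),
    ("10.0.0.5", "http://c1.cushion.test/r", 302, "http://c2.cushion.test/r"),
    ("10.0.0.5", "http://c2.cushion.test/r", 302, "http://landing.test/kit"),
    ("10.0.0.5", "http://landing.test/kit", 200, None),
    ("10.0.0.9", "http://shop.example/old", 302, "http://shop.example/new"),
    ("10.0.0.9", "http://shop.example/new", 200, None),
]

MIN_HOPS = 3    # assumed threshold for "many" 302 redirects
MIN_HOSTS = 3   # assumed: the chain must cross at least this many distinct hosts


def redirect_chains(records):
    """Rebuild per-client chains by following each 302's Location header."""
    open_chains = {}   # (client, next expected URL) -> list of URLs so far
    finished = []
    for client, url, status, location in records:
        chain = open_chains.pop((client, url), None)
        if status == 302 and location:
            chain = (chain or [url]) + [location]
            open_chains[(client, location)] = chain
        elif chain:
            finished.append((client, chain))
    # Chains whose final hop was never requested are still worth reporting.
    finished.extend((c, ch) for (c, _), ch in open_chains.items())
    return finished


def suspicious_chains(records, min_hops=MIN_HOPS, min_hosts=MIN_HOSTS):
    """Return chains with many 302 hops that also cross several hosts."""
    hits = []
    for client, chain in redirect_chains(records):
        hops = len(chain) - 1
        hosts = {urlsplit(u).hostname for u in chain}
        if hops >= min_hops and len(hosts) >= min_hosts:
            hits.append({"client": client, "hops": hops, "chain": chain})
    return hits


if __name__ == "__main__":
    for hit in suspicious_chains(SAMPLE_LOG):
        print(hit["client"], hit["hops"], " -> ".join(hit["chain"]))
```

Ordinary same-site redirects, such as the shop.example record, stay below both thresholds and are not reported.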
Depending on the browser/OS profile and the user's location, the malvertisement either delivers the exploit kit or reroutes the user to other social engineering campaigns. For example, on macOS systems in the United States, the malvertising redirects the user to social engineering attempts.
This strategy is consistent with the rise in social engineering attempts that FireEye has observed for some time, in which attackers use them to target users on fully patched systems, or on any OS/software profile that is not suitable for exploit attempts. The malicious redirect has likewise been heavily abused in many social engineering campaigns in North America.
If the attack succeeds, the user's computer downloads and installs a trojan. The trojan then looks for a set of processes; if it finds any of them, it enters an infinite loop and carries out no further malicious activity. Otherwise, it downloads and executes an application extension (DLL) that installs the GandCrab ransomware. When GandCrab infects the computer, it appends the .KRAB extension to the files it encrypts and leaves a ransom note named Krabi - Decrypt.txt.
In recent years, arrests and the disruption of underground operations have caused exploit kit activity to drop sharply. Even so, exploit kits still pose a significant threat to users who are not running fully patched systems. Today, exploit kit activity is seen more often in the Asia-Pacific region, where users tend to have more vulnerable software. Meanwhile, in North America, the focus is more often on direct social engineering campaigns. To protect their devices from the Fallout exploit kit, ordinary users are advised to install the latest Windows security updates promptly; programs that have not been updated for a long time are best disabled so that they cannot become a channel for attack.