Slashdot Mirror


Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.
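The evasion described in the summary defeats detection that keys on URL patterns, because the pattern is gone within a day. A defender-side alternative is to key on the shape of the infection chain that the summary itself lists (landing page, then a Flash object, then a binary payload to the same client within a short window), which the attacker cannot change by rotating paths. The following is an added example, not code from the article or from Slashdot; the log lines, hostnames, paths and the stale signature pattern are constructed for illustration and are not real Angler indicators.

```python
"""Sequence-based detection of a drive-by exploit chain in proxy logs.

Added example (not from the original page). The log lines and the stale URL
signature are constructed; treat the regex as a hypothetical old IDS rule.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy-log lines: "<ISO time> <client> <host> <path> <content-type>".
# Client 10.0.0.5 shows a landing page -> Flash -> binary chain within seconds.
# Client 10.0.0.7 loads a Flash banner but never fetches a binary in the window.
SAMPLE_LOG = """\
2015-04-02T10:00:01 10.0.0.5 news.example.net /index.html text/html
2015-04-02T10:00:03 10.0.0.5 ads.example-cdn.test /viewtopic.php?t=8xk3 text/html
2015-04-02T10:00:05 10.0.0.5 ads.example-cdn.test /0bq7/m3.swf application/x-shockwave-flash
2015-04-02T10:00:09 10.0.0.5 ads.example-cdn.test /dl/q19 application/octet-stream
2015-04-02T10:00:12 10.0.0.7 wiki.example.org /page text/html
2015-04-02T10:05:30 10.0.0.7 wiki.example.org /banner.swf application/x-shockwave-flash
"""

# Hypothetical signature written for last month's paths (digits after "t=").
# It matches nothing in the constructed sample because the path format changed.
STALE_SIGNATURE = r"/viewtopic\.php\?t=\d+$"

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
LANDING_TYPES = {"text/html"}
FLASH_TYPES = {"application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        ts, client, host, path, ctype = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "client": client,
                       "host": host, "path": path, "ctype": ctype})
    return events


def url_signature_hits(text, pattern):
    """Classic approach: match request paths against a fixed regex."""
    rx = re.compile(pattern)
    return [e for e in parse_log(text) if rx.search(e["path"])]


def detect_exploit_chains(text, window=timedelta(seconds=120)):
    """Flag a client that, within `window` of fetching an HTML page, receives a
    Flash object from the same host and then any binary payload. Order and
    timing are what matter; the URLs themselves are never inspected."""
    by_client = defaultdict(list)
    for e in parse_log(text):
        by_client[e["client"]].append(e)

    alerts = []
    for client, events in by_client.items():
        events.sort(key=lambda e: e["ts"])
        for i, landing in enumerate(events):
            if landing["ctype"] not in LANDING_TYPES:
                continue
            flash = None
            for later in events[i + 1:]:
                if later["ts"] - landing["ts"] > window:
                    break  # chain must complete inside the window
                if flash is None:
                    if later["ctype"] in FLASH_TYPES and later["host"] == landing["host"]:
                        flash = later
                elif later["ctype"] in PAYLOAD_TYPES:
                    alerts.append({
                        "client": client,
                        "landing": landing["host"] + landing["path"],
                        "flash": flash["host"] + flash["path"],
                        "payload": later["host"] + later["path"],
                    })
                    break
    return alerts


if __name__ == "__main__":
    print("stale signature hits:", len(url_signature_hits(SAMPLE_LOG, STALE_SIGNATURE)))
    for alert in detect_exploit_chains(SAMPLE_LOG):
        print("chain detected:", alert)
```

The window length and the same-host requirement between landing page and Flash object are tuning choices, not facts about the kit; in production the content-type check would come from the proxy's observed response headers or file magic rather than a trusted client-side value, and a chain that spans hosts would need a looser host rule at the cost of more false positives.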

2 of 36 comments

  1. Not a Federal priority by Okian Warrior · Score: 4, Interesting

    As many people have pointed out, it's straightforward to set up a honeypot that triggers the exploit, pay the ransom, and then follow the money.

    Many people are affected by ransomware. If the US made fixing this problem a priority, many *people* would be relieved of anguish and suffering.

    Instead, the feds look into crimes against corporations. How's that investigation into fiber cutting in San Francisco coming along?

    Or crimes against authority. What was the cost versus benefit of the Silk Road investigation?

    If the US made *people* a priority, it would get done.

    (And for the record, Bitcoin is not anonymous and we have agreements with other countries for criminal activity.)

  2. Antivirus is useless. by Anonymous Coward · Score: 2, Interesting

    https://www.virustotal.com/en/file/2dfd43d6776b5712e5fd9d82d3a6b5d0097d2b9371915539ed0b88f4097224a8/analysis/

    This sample came in nearly a day ago. When I first saw it hours after, only 5 detected it. As of this posting it's roughly at 28/56. The other half that don't detect it are the lower end of the AV spectrum, along with MSE.

    It took about 6 hours after the sample came in for the heavy dogs (NOD32, Kaspersky, BitDefender, etc.) to detect it.