Exploit Kits on the Rise: January Malware Report

January 10, 2017 | By

At Strongarm we’re constantly updating our intelligence sources to categorize domains as malicious and block them. Over the past week, we added more than 1,200 domains that were reported as malicious and removed a few that were found to be false positives or to no longer be malicious. These domains are a combination of compromised sites (legitimate websites that have been hacked); malware download locations; malware command & control; and other domains related to malicious activity.

Most of the newly blocked domains were related to exploit kits, which we’ve previously written about. Most of the exploit kits (generally the variants known as RIG and Sundown) were served via malvertising or compromised websites in order to install ransomware (mostly Cerber or Locky). Interestingly, some of our sources have been tracking a few legitimate websites that have been compromised for months. There’s no need to worry if you’re a Strongarm customer: these domains have been added to Strongarm’s blacklist.

This marks the sixth month in a row we’ve seen an increase in exploit kit use. Ransomware operators are shifting to using more exploits against your web browser and fewer tricks via phishing emails. Looking for ways to protect yourself from these attacks? We recommend two things: keep your web browser (and other software that runs on your devices) up to date, and use Strongarm to automatically block domains that have been hacked and poisoned with malware.

This is the first in our series of monthly updates on the world of domain feeds and malware. Want to make sure you don’t miss any major malware news? Sign up for our newsletter!