Sundown exploit kit first to use IE flaw in attack on Japan

News by Danielle Correa

Symantec has found that the Sundown exploit kit (EK) has begun to take advantage of a recent IE vulnerability, CVE-2015-2444

Symantec has found that the Sundown exploit kit (EK) has begun to take advantage of a recent Internet Explorer (IE) vulnerability, CVE-2015-2444. Sundown is the first exploit kit to integrate an exploit for the bug, and it was used in a recent watering-hole attack on Japan.

The CVE-2015-2444 exploit was first released to the public on 12 August. Microsoft patched this bug in a security update.

Symantec observed attackers using Sundown to exploit this bug and drop a back door Trojan on computers, primarily affecting users in Japan. The attackers injected an iframe into a legitimate website, redirecting users to a heavily obfuscated landing page that hosted the Sundown exploit kit.

When users arrived at the page, the exploit kit checked the computer for driver files associated with particular security software, controlled application environments and traffic-capturing tools. To avoid detection, the EK did not deliver exploits if any of these products were present.

After checking that conditions were acceptable, the exploit kit attempted to exploit vulnerabilities in different software. If the kit succeeded in exploiting any of them, it dropped Trojan.Nancrat onto the victim's computer. The threat acts as a back door and steals information from the compromised computer.

