
Magnitude Exploit Kit Grows In Popularity Thanks To Free Distribution Model

An exploit kit called Magnitude (formerly known as PopAds) continues to gain popularity among cyber criminals, thanks to its high success probability and an innovative distribution model that doesn’t require ‘customers’ to make a down payment.

Instead, the team behind Magnitude takes control of up to a fifth of compromised machines, and infects them with ransomware.

US security vendor Trustwave has been tracking the spread of the exploit kit and uncovered eight control servers, three of which are based in the UK, that have been used to infect as many as 210,000 computers per month.

These findings were presented at the annual Black Hat cyber security conference in Las Vegas.

Growing in Magnitude

It is widely believed that Magnitude is filling the void left after ‘Paunch’, one of the alleged creators of the popular Blackhole exploit kit, was arrested in Russia in October 2013. Following the arrest, the service for updating Blackhole was shut down and its malware encryption service became inaccessible.

Unlike Blackhole, Magnitude doesn’t require the users to pay a weekly or monthly fee – instead the creators are taking 5 to 20 percent of compromised machines as payment, then attacking them with ‘Cryptowall Defense’ malware.

“We saw cases where people managed to infect a large number of machines and the portion they had to allocate was smaller, down to five percent. It’s like a volume discount,” Ziv Mador, Director of Security Research at Trustwave, told TechWeekEurope.

Much like the infamous ‘Cryptolocker’, Cryptowall Defense encrypts victims’ files and then demands a ransom in Bitcoin. Trustwave tracked the digital wallets that belong to the creators of Magnitude, and came to the conclusion that the scheme netted them at least $60,000 to $100,000 a week.

“The cybercrime world has become very modular, in a similar way to the world of legitimate business,” Mador explained. “The cyber gang behind Magnitude, what they do best is run those servers, develop those exploits and set up all the infrastructure needed to run a campaign and infect a large number of machines out there, that’s their expertise. The customers, who are obviously also cyber criminals – nothing here is legit – all they have to do is generate traffic to the exploit kit, and provide their malware of choice.”

Magnitude attempted to exploit 1.1 million unique IPs and successfully infected 210,000 computers during a single month of observation. The operation is controlled from three servers in the UK, four in the Netherlands and one in Ukraine. The countries with the most victims are the US and Iran; 6,347 victims were from the UK.

The kit is based around three simple exploits that target older versions of Internet Explorer and Java. Despite its basic structure, Magnitude is surprisingly effective, especially in developing countries – for example, the infection success rate in Vietnam stood at 68 percent.

“The infection rates depend on the level of patching, age of software – old browsers are more susceptible to infection. But it also depends on deployment of security products,” said Mador. He added that organisations in developing countries spend less on security products, which leaves them more vulnerable to cyber crime.


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
