Nuclear exploit kit seen chucking CryptoWall 4.0 at late patchers

The Nuclear exploit kit has been spotted throwing the CryptoWall 4.0 ransomware at innocent netizens' machines, according to security researcher Brad Duncan, who stated it is the first time he has noticed that particular nasty being distributed by an exploit kit. While not as vicious a beast as Angler, the Nuclear kit remains …

  1. Rory B Bellows

    Anti Exploit

    Malwarebytes make a free program (and also a paid version) that is designed to protect against this sort of threat. Malwarebytes Anti-Exploit

    1. Crazy Operations Guy

      Re: Anti Exploit

      Ad-blocking plugins would also work.

  2. Crazy Operations Guy

    Privacy-protected registration

    One of the factors I use to determine if a website might be malicious...

    I have a script that runs on my squid box that will pull whois and other info to calculate a risk score; privately registered domain names push the score up fairly high, and recent registration even more so (especially if it was only registered for one year or less). The higher the score, the greater the number of elements that get stripped out of the HTTP stream. I.e., anything not in the trusted range of scores gets Flash objects stripped; a higher score gets 3rd party JavaScript removed; higher yet and the site's scripts get neutered; at the highest (just under the level to get blocked), even links are cut out.

    Sure, the scripts increase latency, but stripping out ads tends to more than offset it (not to mention the faster speeds due to all the dropped connections to 3rd party crap).

    1. Anonymous Coward

      Re: Privacy-protected registration

      Flash death is accelerating. Now is the time to block ALL flash, and help push the last stragglers out the door.

      Not having the plug-in installed is the correct layer to do this, because every time you visit the site you're entering a vote of NO FLASH HERE into their logs.

      It's such a massive attack surface, just nuke it to hell.

      Obviously Java, Acrobat Reader, Silverlight, these marginal proprietary technologies should never have been installed in the first place, but there was a time when Flash was at 99%.

      1. Crazy Operations Guy

        Re: Privacy-protected registration

        I would love to remove Flash altogether, but I support a couple thousand users, some of whom still need it for one reason or another (Niche Business apps, banking systems, etc). So I've settled for blocking it in risky situations (3rd party flash is always blocked, except in some very specific scenarios). The script also does a check for the last time a site's DNS records have changed (All DNS queries are captured by the proxy and compared to previous queries for each domain), a significant bump in the risk score is added for 8 x TTL after each change (24 x TTL when the record changes to something in a completely different country as listed by GeoIP); this gives the website time to notice anything malicious is happening and resolve the situation before my users are at risk.

        1. Sir Runcible Spoon

          Re: Privacy-protected registration

          Not being that proficient at layer 7 activities, are there any useful guides out there to hardening various systems?
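The risk-scoring proxy described in the two Crazy Operations Guy comments above (whois privacy and registration age pushing the score up, a DNS-change bump that lasts 8 x TTL, or 24 x TTL when the record moves to another GeoIP country, and a ladder of stripping actions keyed to the score) can be sketched in a few dozen lines. The following is an added example written for this page, not the commenter's actual script: the weights, tier thresholds, field names and the sample domain records are all constructed for illustration, and the whois and DNS data a real proxy would collect are stubbed in as static values so the example runs offline.

```python
"""Constructed example: grade a domain from whois/DNS facts and map the grade to proxy filtering."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Fixed reference time so the example is reproducible offline (constructed value).
NOW = datetime(2015, 11, 26, 12, 0, tzinfo=timezone.utc)


@dataclass
class DomainInfo:
    """Facts a proxy would gather from whois and from its own log of DNS answers."""
    domain: str
    registered_on: datetime
    expires_on: datetime
    privacy_protected: bool                      # registrant hidden behind a privacy service
    ttl_seconds: int                             # TTL of the record the proxy last saw
    last_dns_change: Optional[datetime] = None   # when the answer differed from the previous one
    country_changed: bool = False                # GeoIP country of the new answer differs from the old


def risk_score(info: DomainInfo, now: datetime = NOW) -> int:
    """Higher is riskier. The weights are constructed for illustration."""
    score = 0
    if info.privacy_protected:
        score += 30
    age = now - info.registered_on
    if age < timedelta(days=30):
        score += 40                              # registered within the last month
    elif age < timedelta(days=365):
        score += 20
    if info.expires_on - info.registered_on <= timedelta(days=366):
        score += 10                              # registered for one year or less
    if info.last_dns_change is not None:
        ttl = timedelta(seconds=info.ttl_seconds)
        # The bump lasts 8 x TTL after a change, 24 x TTL if it moved to another country,
        # which gives the site's owner time to notice and clean up before users are exposed.
        window = (24 if info.country_changed else 8) * ttl
        if now - info.last_dns_change <= window:
            score += 35 if info.country_changed else 20
    return score


# Cumulative ladder: every tier also applies everything below it (thresholds constructed).
TIERS = [
    (20, "strip_flash"),
    (40, "strip_third_party_js"),
    (60, "neuter_site_scripts"),
    (80, "strip_links"),
    (100, "block"),
]


def policy_for(score: int) -> List[str]:
    """Map a score to the list of filtering actions the proxy applies to the HTTP stream."""
    actions = [name for threshold, name in TIERS if score >= threshold]
    return actions or ["allow"]


def evaluate(info: DomainInfo, now: datetime = NOW) -> Tuple[int, List[str]]:
    score = risk_score(info, now)
    return score, policy_for(score)


# Constructed sample records standing in for real whois/DNS lookups.
SAMPLES = {
    "established": DomainInfo("example-bank.test",
                              datetime(2005, 1, 1, tzinfo=timezone.utc),
                              datetime(2020, 1, 1, tzinfo=timezone.utc),
                              privacy_protected=False, ttl_seconds=3600),
    "fresh_private": DomainInfo("cheap-deals-now.test",
                                datetime(2015, 11, 16, tzinfo=timezone.utc),   # 10 days old
                                datetime(2016, 11, 16, tzinfo=timezone.utc),   # one-year term
                                privacy_protected=True, ttl_seconds=300),
    "moved_country": DomainInfo("old-shop.test",
                                datetime(2008, 3, 1, tzinfo=timezone.utc),
                                datetime(2022, 3, 1, tzinfo=timezone.utc),
                                privacy_protected=False, ttl_seconds=300,
                                last_dns_change=NOW - timedelta(hours=1),      # within 24 x 300 s
                                country_changed=True),
    "moved_same_country": DomainInfo("old-shop.test",
                                     datetime(2008, 3, 1, tzinfo=timezone.utc),
                                     datetime(2022, 3, 1, tzinfo=timezone.utc),
                                     privacy_protected=False, ttl_seconds=300,
                                     last_dns_change=NOW - timedelta(hours=1), # past 8 x 300 s
                                     country_changed=False),
}

if __name__ == "__main__":
    for label, info in SAMPLES.items():
        print(label, evaluate(info))
```

The two `old-shop.test` records differ only in whether the GeoIP country changed; with a 300-second TTL the same-country bump has already expired after an hour (8 x 300 s = 40 min), while the cross-country bump is still in force (24 x 300 s = 2 h), so the first is allowed and the second gets Flash stripped.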

  3. Tom 64

    Java, Acrobat Reader, Flash, and Silverlight

    "Users of such software should ensure they are keeping everything up to date. "

    Better yet, remove them from your machine(s)

  4. Anonymous Coward

    Nuclear powered ransomware

    Apart from Google and Java, was there a desktop operating system involved in spreading the nuclear ransomware?
