The Disdain exploit kit appears in the threat landscape

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny.

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

After the Angler EK and Nuclear EK disappeared from the threat landscape, the Sundown EK conquered the criminal underground.

With the Sundown EK has been inactive since early this year, the Terror EK is being very popular in the cybercriminal ecosystem. The Disdain exploit kit appears very cheap compared to other exploit kits such as Nebula EK, that goes for rent on a daily, weekly, or monthly basis for prices of $100, $600, and $2,000 respectively.

According to security experts at Intsights that found an ad of the Disdain exploit kit on a Russian-speaking forum, its main features are:

Domain Rotator
RSA Key exchange for Exploits
Panel server is untraceable from Payload server
Geolocation available
Browser & IP tracking
Scan domain

When users visit a website hosting the Disdain exploit kit, it gathers info on the specific browser used by the visitor and attempts to use one of the exploits to deliver a malware on the victim’s machine.

Even is the Disdain exploit kit includes a limited number of exploits because it is very young, most of them are newer exploits. Below is the full list of exploits advertise by the author Cehceny:

CVE-2017-5375 – FF
CVE-2017-3823 – Extension (Cisco Web Ex)
CVE-2017-0037 – IE a
CVE-2016-9078 – FF
CVE-2016-7200 – EDGE + IE a
CVE-2016-4117 – FLASH
CVE-2016-1019 – FLASH
CVE-2016-0189 – IE
CVE-2015-5119 – FLASH
CVE-2015-2419 – IE
CVE-2014-8636 – FF
CVE-2014-6332 – IE
CVE-2014-1510 – FF
CVE-2013-2551 – IE
CVE-2013-1710 – FF

According to the experts at Bleepingcomputer, currently, there is no malvertising campaign or botnet leveraging the Disdain exploit kit because Cehceny is considered a scammer on at least one major underground hacking forum.

“The Disdain ad was first spotted last week. Currently, there is no malvertising campaign or botnet redirecting traffic to any Disdain “landing page,” according to a security researcher who spoke with Bleeping Computer about Disdain but did not want to reveal his name.” wrote Catalin Cimpanu.

“One reason why we haven’t seen any active campaign might be that Disdain’s author — Cehceny — is currently banned and marked as a “ripper” (scammer) on at least one major underground hacking forum.”

Looking at exploit kit market we are assisting to a rapid decline due to the difficulty of finding exploitable flaws in modern browsers.

Currently, most popular exploit kits are RIG, Rig-V, Terror, Magnitude, Kaixin, and Nebula.

Stay tuned!

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Disdain exploit kit, malware)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.