The Lord Exploit Kit (EK) could cause major problems for global organizations in the foreseeable future.
Lord EK was originally discovered in August by Virus Bulletin Security Engineer Adrian Luca. It uses a compromised site to redirect a victim to a landing page, along with a script within the page that collects information about a victim’s machine and sends it back to a server, according to Malwarebytes Labs.
Next, Lord EK launches shellcode to download and execute its payload; in some instances, Lord EK redirects a victim to the Google home page, Malwarebytes Labs noted. It also enables cybercriminals to obtain information about a machine's Flash Player version, as well as a user's IP address, country, state and city, Trustwave SpiderLabs indicated.
A Closer Look at EKs
Cybercriminals use EKs to automatically launch cyberattacks that use compromised websites to divert web traffic, scan for vulnerable browser-based applications and run malware. An EK typically includes the following components:
- Compromised website.
- Vulnerable application that runs malware on a host machine.
- Payload that infects a host.
EKs are becoming increasingly popular among cybercriminals, but security services are available to help organizations guard against these threats.
For example, Trustwave offers the Secure Web Gateway threat defense and protection service to safeguard organizations against EKs. Trustwave's Intrusion Detection and Prevention and Next Generation Firewall offerings also help organizations minimize the impact of EKs.
