Breach, Content

Lord Exploit Kit: What MSSPs Need to Know


The Lord Exploit Kit (EK) could cause major problems for global organizations in the foreseeable future.

Lord EK was originally discovered in August by Virus Bulletin Security Engineer Adrian Luca. It uses a compromised site to redirect a victim to a landing page, along with a script within the page that collects information about a victim’s machine and sends it back to a server, according to Malwarebytes Labs.

Next, Lord EK launches shellcode to download and execute its payload; in some instances, Lord EK redirects a victim to the Google home page, Malwarebytes Labs noted. It also enables cybercriminals to obtain information about a machine's Flash Player version, as well as a user's IP address, country, state and city, Trustwave SpiderLabs indicated.

A Closer Look at EKs

Cybercriminals use EKs to automatically launch cyberattacks that use compromised websites to divert web traffic, scan for vulnerable browser-based applications and run malware. An EK typically includes the following components:

  • Compromised website.
  • Vulnerable application that runs malware on a host machine.
  • Payload that infects a host.

EKs are becoming increasingly popular among cybercriminals, but security services are available to help organizations guard against these threats.

For example, Trustwave offers the Secure Web Gateway threat defense and protection service to safeguard organizations against EKs. Trustwave's Intrusion Detection and Prevention and Next Generation Firewall offerings also help organizations minimize the impact of EKs.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.