DDI RULE 2354
EXPLOYT - HTTP (Request) - Variant 5
Überblick
EXPLOYT variants may arrive on a system bundled with malware or grayware packages, or hosted on a website and runs when a user accesses said website. EXPLOYT malware takes advantage of certain vulnerabilities to download malicious files onto the affected system. It does this by using an exploit kit that allows anattacker to take advantage of most known vulnerabilities. Successful exploitation of the vulnerabilities executes a shell code which will trigger the download and execution of malware. Most of the downloaded files can give criminals remote control over the infected machine, and thus steal user-critical information such as online banking login credentials, email passwords and the like. Systems infected with EXPLOYT malware may be considered security-compromised. This Trojan arrives as a component bundled with malware/grayware packages. It takes advantage of certain vulnerabilities.
Technische Details
Attack Phase: Intelligence Gathering
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High(Outbound)
DDI Default Rule Status: Enable
APT Related: NO
Lösungen
Nehmen Sie an unserer Umfrage teil