Nuclear goes boom

Silver medallist exploit kit dies alongside Angler as new top dog doubles rental price

Shake-ups at the top of the exploit kit world continue, with news the world's two top pop boxes have disappeared.

Exploit kits are the all-in-one commercial crime offerings through which specifically vulnerable users can be targeted with a barrage of constantly updated and occasionally zero-day attacks.

Victims subject to exploit kit are often hit with bank trojans and ransomware.

The infamous Angler exploit kit was the world's most capable and most popular until its sudden cessation earlier this month for reasons unknown.

Threat intelligence types have since revealed the second worst exploit kit, Nuclear, went offline a week ahead of the demise of Angler.

Independent researcher Kafeine reported Nuclear's apparent end, as did Symantec boffin Ben Nahorney, both earlier this month.

The now-number-one kit, Neutrino, has doubled its price to capitalise on the death of its rivals.

Check Point has chalked up the death of Nuclear as a possible response to its [two] [part] research in which it revealed the internals of the exploit kit's infrastructure.

They examined the vulnerabilities used, the method of exploit delivery, and revenue models. On the latter they found Nuclear in one month generated 1.8 million attacks worth some US$12 million in revenue thanks in large part to revenue from the Locky ransomware.

Monthly income for developers sits around US$100,000.

"At the end of April, just a few days after our first report was published, the existing Nuclear infrastructure ceased operation entirely – all Nuclear panel instances and the master server stopped serving malicious content and responding to requests from their IP addresses," Check Point researchers say.

"Additional researchers identified that Nuclear has ceased its activities as of late April as well.

"Our investigations and disclosures have clearly had an impact, shutting down a major threat in the wild."

Nuclear could be expected to reanimate should it have taken down its infrastructure in the wake of the reports.

The exploit kit marketplace has been shaken up before, typically thanks to arrests of high-profile authors including Black Hole developer Dmitry Fedotov, known as Paunch. ®


Biting the hand that feeds IT © 1998–2017