The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny.

Disdain Exploit Kit – New Exploit Kit up for sale in Underground Forum – Copy && Paste .. ?.. Beps Exploit Kit .. ?.. $./I_love_weekends.py pic.twitter.com/bLXBwxvYTp — David Montenegro (@CryptoInsane) August 9, 2017

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

After the Angler EK and Nuclear EK disappeared from the threat landscape, the Sundown EK conquered the criminal underground.

With the Sundown EK has been inactive since early this year, the Terror EK is being very popular in the cybercriminal ecosystem. The Disdain exploit kit appears very cheap compared to other exploit kits such as Nebula EK, that goes for rent on a daily, weekly, or monthly basis for prices of $100, $600, and $2,000 respectively.

According to security experts at Intsights that found an ad of the Disdain exploit kit on a Russian-speaking forum, its main features are:

Domain Rotator

RSA Key exchange for Exploits

Panel server is untraceable from Payload server

Geolocation available

Browser & IP tracking

Scan domain

When users visit a website hosting the Disdain exploit kit, it gathers info on the specific browser used by the visitor and attempts to use one of the exploits to deliver a malware on the victim’s machine.

Even is the Disdain exploit kit includes a limited number of exploits because it is very young, most of them are newer exploits. Below is the full list of exploits advertise by the author Cehceny:

CVE-2017-5375 – FF

CVE-2017-3823 – Extension (Cisco Web Ex)

CVE-2017-0037 – IE a

CVE-2016-9078 – FF

CVE-2016-7200 – EDGE + IE a

CVE-2016-4117 – FLASH

CVE-2016-1019 – FLASH

CVE-2016-0189 – IE

CVE-2015-5119 – FLASH

CVE-2015-2419 – IE

CVE-2014-8636 – FF

CVE-2014-6332 – IE

CVE-2014-1510 – FF

CVE-2013-2551 – IE

CVE-2013-1710 – FF

According to the experts at Bleepingcomputer, currently, there is no malvertising campaign or botnet leveraging the Disdain exploit kit because Cehceny is considered a scammer on at least one major underground hacking forum.

“The Disdain ad was first spotted last week. Currently, there is no malvertising campaign or botnet redirecting traffic to any Disdain “landing page,” according to a security researcher who spoke with Bleeping Computer about Disdain but did not want to reveal his name.” wrote Catalin Cimpanu.

“One reason why we haven’t seen any active campaign might be that Disdain’s author — Cehceny — is currently banned and marked as a “ripper” (scammer) on at least one major underground hacking forum.”

Looking at exploit kit market we are assisting to a rapid decline due to the difficulty of finding exploitable flaws in modern browsers.

Currently, most popular exploit kits are RIG, Rig-V, Terror, Magnitude, Kaixin, and Nebula.

Stay tuned!

Pierluigi Paganini

(Security Affairs – Disdain exploit kit, malware)

Share this...

Linkedin Reddit Pinterest

Share On