RIG exploit kit takes on large malvertising campaign
There has been an interesting battle between two exploit kits in the past few months. Following the demise of the Angler exploit kit in June, Neutrino EK assumed the lead position as the top malware and malvertising campaigns defaulted to it. But since then, there have been several shake-ups, and an underdog by the name of RIG EK replaced Neutrino EK on several high-volume campaigns from compromised websites.

Today we spotted a malvertising attack on a popular website (2 million visits daily) via the same pattern that was used by Angler EK and subsequently Neutrino EK via the 'domain shadowing' practice and the use of the HTTPS open redirector from Rocket Fuel ( Some visitors that browsed the knowledge-based website were exposed to the fraudulent and malicious advert and could have been infected without even having to click on it.

Domain shadowing: