Fallout Exploit Kit
The Fallout Exploit Kit is software that is used to take advantage of vulnerabilities of the victims' computers. The Fallout Exploit Kit can be used to exploit holes in software, servers, networks, and other systems to install malware on the victims' devices. The Fallout Exploit Kit was first observed in September 2018, in association with various ransomware Trojans. The GandCrab Ransomware, in particular, has been associated with the Fallout Exploit Kit. The Fallout Exploit Kit is being used to deliver a wide variety of malware besides ransomware, which may include various adware and Trojan downloaders.
Table of Contents
Why the Fallout Exploit Kit can be So Threatening
The Fallout Exploit Kit takes advantage of vulnerabilities in Windows that allow criminals to execute a bad code. The Fallout Exploit Kit also takes advantage of vulnerabilities in Adobe Flash and other software and platforms onto the victim's computers. When the Fallout Exploit Kit is being installed, this Trojan downloader will check for various anti-virus programs on the targeted computer. The Fallout Exploit Kit also will check whether it is running on a virtual environment or sandbox and interrupt and terminate its attack if this is the case. This allows the creators of the Fallout Exploit Kit to prevent PC security researchers from studying the Fallout Exploit Kit and creating protections against it. Once the Fallout Exploit Kit carries out its attack by exploiting the victim's vulnerabilities, the Fallout Exploit Kit will deliver a payload, which may include a ransomware Trojan, a loader that allows criminals to load other software on the victim's computer, and software designed to collect data from the targeted PC.
How the Fallout Exploit Kit Attack Works
The Fallout Exploit Kit uses the IP addresses 184.108.40.206 and 220.127.116.11 in its attack and hides its data on a network by using encryption, such as XOR, which makes it difficult for PC security researchers and anti-virus software to intercept the attack. Since threats like the Fallout Exploit Kit are designed to exploit vulnerabilities in victims' computers, the best protection against threats like the Fallout Exploit Kit is to have the latest security updates and patches installed on a computer or network. The Fallout Exploit Kit exploits two main vulnerabilities in its attack, often delivering them via a corrupted Web page that redirects to the IP addresses listed above. The two main vulnerabilities exploited by the Fallout Exploit Kit include:
- CVE-2018-8174. This is a remote code execution vulnerability in Windows that has been used by cryptocurrency mining malware extensively. This particular vulnerability, used by the Fallout Exploit Kit, was patched by Microsoft in May 2018, meaning that the computers without this security patch would still be vulnerable to a Fallout Exploit Kit attack.
- CVE-2018-4878. This is a vulnerability in Adobe Flash, used in case the first vulnerability was not exploited successfully. This vulnerability was patched in February 2018.
Based on the overhead, it is clear that the best protection against threats like the Fallout Exploit Kit is to make sure that your computer, operating system, and software are always up to date with the latest security patches. Computer users outside of North America and Western Europe are vulnerable to the Fallout Exploit Kit attacks particularly. The Fallout Exploit Kit attacks have been observed in South Korea and Japan for the most part. Other Fallout Exploit Kit attacks have surfaced in some locations in the Middle East, Central Asia and Southern Europe.
Protecting Your PC from the Fallout Exploit Kit
The best protection from the Fallout Exploit Kit attack is to make sure that all of your components are up-to-date. It also is recommend that computer users use a strong security application that is fully up-to-date. Learning proper online safety to avoid attack websites is also essential.