Cisco’s Talos research team has identified and partially shut down a cyber-criminal group that was using the RIG exploit kit to infect users with a range of malware.
The group exploited several security vulnerabilities, but most often it relied on CVE-2015-5119, a flaw in Adobe Flash Player, to compromise computers and then install spambots on them.
Cisco reports that in most cases the final payload was a variant of the Tofsee spambot, delivered to Windows machines through Internet Explorer.
Researchers say that most users infected through this RIG campaign were redirected to the exploit kit’s landing pages by malicious ads and by iframes injected into legitimate, compromised websites.
The campaign was extremely active during the past fall and used well over 7,000 different domain names and 44 IP addresses to spread its malware payloads (via redwolf.newsvine.com).
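The infrastructure pattern described above, thousands of redirect and landing domains served from a few dozen IP addresses, is something a defender can look for in their own web-proxy logs. The following is an added example written for this page, not code from Cisco Talos or from the article; the log format, the function names and the log lines themselves are constructed, and the IP addresses are from the RFC 5737 documentation ranges. It parses proxy records of the form `timestamp client dst_ip host status`, groups the hostnames seen per destination IP, and flags any IP that fronts an unusually large number of distinct hostnames, also reporting how many distinct registrable domains those hostnames span.

```python
"""Flag destination IPs that front an unusually large number of distinct
hostnames in web-proxy logs.

Added example for the RIG campaign described above (thousands of domains
on a few dozen IPs).  Not Cisco Talos code; the log format, function names
and every log line below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed log lines in a hypothetical format:
# "<timestamp> <client_ip> <dst_ip> <host> <http_status>"
# 198.51.100.7 is the "exploit kit" IP: six hostnames across three domains.
SAMPLE_LOG = """\
2016-10-03T10:00:01Z 10.0.0.5 203.0.113.10 news.example.org 200
2016-10-03T10:00:02Z 10.0.0.5 198.51.100.7 a1.hijacked-one.example 302
2016-10-03T10:00:03Z 10.0.0.5 198.51.100.7 b7.hijacked-one.example 200
2016-10-03T10:00:04Z 10.0.0.9 203.0.113.10 news.example.org 200
2016-10-03T10:00:05Z 10.0.0.9 198.51.100.7 c3.hijacked-two.example 302
2016-10-03T10:00:06Z 10.0.0.9 198.51.100.7 d9.hijacked-two.example 200
2016-10-03T10:00:07Z 10.0.0.12 203.0.113.44 cdn.example.net 200
2016-10-03T10:00:08Z 10.0.0.12 198.51.100.7 e2.hijacked-three.example 302
2016-10-03T10:00:09Z 10.0.0.12 198.51.100.7 f5.hijacked-three.example 200
2016-10-03T10:00:10Z 10.0.0.12 203.0.113.44 static.example.net 200
this line is malformed and must be skipped
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LOG_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<client>{IPV4}) (?P<dst>{IPV4}) "
    r"(?P<host>[A-Za-z0-9.-]+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not
    match the expected format (malformed lines are skipped, not fatal)."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def registrable_domain(host):
    """Naive eTLD+1: the last two labels of the hostname.  Good enough to
    show the idea; a real deployment should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def hosts_per_ip(lines):
    """Map each destination IP to the set of distinct hostnames served from it."""
    table = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        table[rec["dst"]].add(rec["host"].lower())
    return table


def flag_suspicious_ips(lines, min_hostnames=4):
    """Return (ip, distinct_hostnames, distinct_registrable_domains) for every
    destination IP that fronts at least min_hostnames hostnames, most
    hostnames first.  Many hostnames spread over many registrable domains
    on one IP is the many-to-few pattern the campaign above exhibited."""
    flagged = []
    for ip, hosts in hosts_per_ip(lines).items():
        if len(hosts) >= min_hostnames:
            registrable = {registrable_domain(h) for h in hosts}
            flagged.append((ip, len(hosts), len(registrable)))
    flagged.sort(key=lambda t: (-t[1], t[0]))
    return flagged


if __name__ == "__main__":
    for ip, n_hosts, n_domains in flag_suspicious_ips(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {n_hosts} hostnames across {n_domains} registrable domains")
```

On the constructed sample only 198.51.100.7 is flagged, with 6 hostnames across 3 registrable domains; the two legitimate IPs serve one or two hostnames each and stay below the threshold. The threshold is deliberately a parameter: CDNs and shared hosting also put many hostnames on one IP, so in practice the count should be compared against a baseline for the environment, and the hit list treated as a lead for investigation rather than a verdict.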