A brand new exploit kit has recently been noticed on underground forums. The malware is called Disdain, and its creator is advertising it for only $80.
The new EK was found by malware analyst David Montenegro, and the toolkit can currently be rented on a daily, weekly, or monthly basis for $80, $500, and $1,400, respectively.
The good news is that security experts have already managed to track the EK advert and learn more about the alleged capabilities of the malware.
The developer of Disdain claims that the toolkit’s main features include a domain rotator, browser and IP tracking, a panel server untraceable from the payload server, RSA key exchange for exploits, domain scanning capabilities, and geolocation.
In addition, the malware creator says that Disdain can exploit over a dozen vulnerabilities in Firefox (CVE-2017-5375, CVE-2016-9078, CVE-2014-8636, CVE-2014-1510, CVE-2013-1710), Internet Explorer (CVE-2017-0037, CVE-2016-7200 (Edge as well), CVE-2016-0189, CVE-2015-2419, CVE-2014-6332, CVE-2013-2551), Flash (CVE-2016-4117, CVE-2016-1019, CVE-2015-5119), and Cisco WebEx (CVE-2017-3823).
So far, no malware distribution campaign using Disdain has been started, most probably because the malware has been around for only a short time. Besides, Cehceny, the developer known as Disdain’s creator, does not have a good reputation among hackers and is considered more of a scammer.
Despite the fact that no botnet or malvertising campaign is currently redirecting traffic to the toolkit’s landing pages, the malware has the potential to turn into a major threat if criminals start employing it.
The infection process is very simple: when users get redirected to one of Disdain’s pages, the malware scans the potential victims’ browsers and attempts to exploit one of the vulnerabilities it has found. Through this vulnerability, the system gets infected with Disdain.