This Post was Authored byNick Biasini, with contributions byJoel Esler

Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back inNovember of 2013, back then we referred to it asGoon, today it's known as RIG.

We started focusing on RIG and found some interesting data similar to what we found while analyzingAngler. This post will discuss RIG, findings in the data, and what actions were taken as a result.

The Exploit Kit Overview

RIG compromises users like any exploit kit. It starts with a user being redirected to a landing page. This is done via malicious iframes or malvertising and looks similar the following:

It begins with an initial link to a javascript:

Read More >>>