Security researchers sinkholed EITest infection chain

Security researchers have managed to neutralize “EITest,” one of the oldest infection chains and thus preventing as many as two million potential malicious redirects a day. EITest relied on compromised websites – mostly WordPress-based, but also using other CMSes – to direct users to exploit kit landing pages and social engineering schemes, which then delivered a wide variety of malware. It has been in use, on and off, since at least 2011.

“Shortly after EITest started to use social engineering schemes, researchers traced the chain via server side artifacts and some historical analysis of server side compromises to infections as early as 2011 when it was redirecting to a private EK known as Glazunov. The infection chain appears to have paused between the end of 2013 and the beginning of July 2014, when it began directing into Angler,” Proofpoint researcher Kafeine explained.

Read more about the neutralization of the EITest infection chain by Proofpoint and other researchers on Help Net Security.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here