The best part of exploit kits

by adam on April 19, 2013

Following up on my post on exploit kit statistics (no data? really folks?), I wanted to share a bit of a head-shaker for a Friday with way too much serious stuff going on.

Sometimes, researchers obscure all the information, such as this screenshot. I have no idea who these folks think they’re protecting by destroying information like this, but what do you expect from someone whose web site requires JavaScript from 4 domains to render a basic web page? (bad HTML here).

Thinking would be welcome.

2 comments

“I have no idea who these folks think they’re protecting by destroying information like this”

What about not telling bad guys that he is inside?
Make sense?

by Someone whose web site Require javascript from 4 domains on April 22, 2013 at 6:53 pm.

Nope.

I’m pretty confident that many of the redactions, such as the %, are fairly consistent across current versions of the exploit kits. (As are you, as you left the bar graphs and order visible for all except two exploits.) I expect that “threads” are also pretty consistent.

If you have no evidence that the criminals are reading your blog, then odds are good you can post an unredacted shot without losing access, but that’s easy for me to say. Or you can post the real shot now, rather than obscuring all the data forever.

If you think you’re being stealthy, capture the data and then publish it later after you’re kicked out, but I see no such data dump or commitment to such a dump. Maybe I missed it.

by Adam on April 23, 2013 at 2:40 pm.
