Fiesta

Short bio

Fiesta is an exploit kit that checks the user’s browser and the versions of the plugins he is using. That is how it determines which exploits can be successfully served. This means that if you happen to come across a Fiesta landing page with multiple vulnerable products, this will lead to receiving exploits for all of them.

History

Fiesta was first dubbed in 2013 and is generally seen as an evolution of NeoSploit. It grabbed a bigger share of the market that was left open after the arrest of the author of the Blackhole Exploit Kit in October 2013. Despite being declared dead by some analysts in December 2014, it made a strong come-back a few months shortly after. In April 2015, it was reported to get redirects from a host of compromised forums.

Common infection method

No user action is necessary to get infected by these exploit kits. Typically they use known vulnerabilities to infect users that happen to visit a compromised site. The exploit kit then looks for vulnerable software on the visitor’s computer and uses that as a way to drop the malware payload.

Associated families

Fiesta EK has been known to push the Kovter (ad fraud) malware and the Zemot Trojan, but also Crypto-Ransomware, Trojan.Dorkbot, and Spyware.Zbot. Since exploit kits are just a method of infection, you can expect them to deliver anything.

Remediation

The exploit kit or the redirection to it needs to be removed from the compromised site and the site itself needs to be patched and secured so it can’t be compromised again.

Aftermath

The options you have to clean up the computer after being hit by an exploit kit vary with the kind of malware that got dropped by the exploit kit. This can range from ad-clickers to ransomware. In some cases, it may be necessary to reformat the computer and change all your passwords.

Avoidance

Site owners should keep their website software updated and visitors should use the latest versions of their browsers and its plugins. It also helps to keep the operating system updated. Doing so would only limit the risk, since they would still be vulnerable to zero-day exploits. There are software solutions available against zero-day exploits that will also stop known exploits.

Screenshots

RELATED THREATS

EXPLOIT KITS

Sweet Orange

Short bio Sweet Orange is a type of exploit kit, or in other words, malicious code found on compromised websites with the...

CONTINUE READING
EXPLOIT KITS

Nuclear

Short bio Exploit kits are efficient and effective tools for cybercriminals to distribute malware. Exploit kits include exploits for multiple vulnerabilities...

CONTINUE READING
EXPLOIT KITS

HanJuan

Short bio HanJuan is a stealthy exploit kit specialized in exploiting vulnerabilities in Internet Explorer, Silverlight, and Adobe Flash Player. Their...

CONTINUE READING
EXPLOIT KITS

Angler

Short bio Angler was one of the leading exploit kits used by cybercriminals to distribute malware ranging from ransomware and banking...

CONTINUE READING
MALWARE

Trojan dropper

Short bio Downloaders and droppers are helper programs for various types of malware such as Trojans and rootkits. Usually they are implemented...

CONTINUE READING
Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams