Introducing Lord EK & Why Exploit Kits are Bad News


September 17, 2019

There’s a new kid on the block. Its name is Lord EK and it could potentially (along with all the other Exploit Kits out there) cause people grief if left unchecked.

First things first: what’s an “Exploit Kit?”

Exploit kits are automated threats that use compromised websites to divert traffic, scan for vulnerable browser-based applications, and run malware.

They’re developed to exploit vulnerabilities on a victim’s end-point automatically and silently while the victim browses the internet. Because of how highly automated they are, exploit kits have become incredibly popular.

An exploit kit goes to work after the victim visits a compromised landing page. The page then diverts web traffic to another landing page. Code in that landing page profiles the victim’s device and looks for vulnerable browser-based applications.

Typically, if the victim’s system is up to date and fully patched, the exploit will cease to run. If not, the compromised site diverts network traffic to the exploit and then delivers a payload.

The payload can be used to retrieve malware or can be malware (like ransomware) itself.
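The chain described above (compromised page, redirect to a landing page, plugin content, payload) leaves a recognisable pattern in web proxy logs. The following is an added example, not part of the original post, that flags that pattern; the log format, host names, content types, thresholds and function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample proxy log: time, client, host, referring host, content type.
SAMPLE_LOG = """\
2019-09-17T10:00:01 10.0.0.5 news.example - text/html
2019-09-17T10:00:02 10.0.0.5 gate.example news.example text/html
2019-09-17T10:00:03 10.0.0.5 landing.example gate.example text/html
2019-09-17T10:00:04 10.0.0.5 landing.example landing.example application/x-shockwave-flash
2019-09-17T10:00:09 10.0.0.5 landing.example - application/octet-stream
2019-09-17T10:01:00 10.0.0.8 video.example - text/html
2019-09-17T10:01:01 10.0.0.8 video.example video.example application/x-shockwave-flash
2019-09-17T10:05:00 10.0.0.9 updates.example - application/octet-stream
"""

PLUGIN_TYPES = {"application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=60)  # assumed gap allowed between plugin object and payload

def parse(log):
    for line in log.splitlines():
        ts, client, host, referer, ctype = line.split()
        yield datetime.fromisoformat(ts), client, host, referer, ctype

def find_ek_chains(log, min_hops=2):
    """Return (client, redirect chain, payload host) per match; log must be time-ordered."""
    came_from = {}   # (client, host) -> referring host, cross-site hops only
    plugin_hit = {}  # client -> (time, chain) of last plugin object reached via a chain
    alerts = []
    for ts, client, host, referer, ctype in parse(log):
        if referer not in ("-", host):
            came_from.setdefault((client, host), referer)
        if ctype in PLUGIN_TYPES:
            chain = [host]
            # Walk referers backwards; the length bound guards against referer loops.
            while (client, chain[0]) in came_from and len(chain) < 10:
                chain.insert(0, came_from[(client, chain[0])])
            if len(chain) - 1 >= min_hops:
                plugin_hit[client] = (ts, chain)
        elif ctype in PAYLOAD_TYPES and client in plugin_hit:
            hit_ts, chain = plugin_hit[client]
            if ts - hit_ts <= WINDOW:
                alerts.append((client, chain, host))
    return alerts

if __name__ == "__main__":
    for client, chain, payload_host in find_ek_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain), "payload from", payload_host)
```

Flash served directly by the site the user opened (10.0.0.8) and a binary download with no preceding plugin object (10.0.0.9) are not flagged; only the client that reached plugin content through two cross-site hops and then pulled a binary is reported.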

Beyond Lord EK, some other popular exploit kits currently in the wild are:

  • Spelevo EK
  • Fallout EK
  • Magnitude EK
  • RIG EK
  • GrandSoft EK
  • Underminer EK
  • GreenFlash EK

How do you stop them?

The most commonly used exploits leveraged by Exploit Kits are:

The solution?

Patch, patch, patch your end-points. Make sure your end-points are as up to date as possible. Right now all three of those exploits have been patched. 4878 was patched in February of 2018, 8174 was patched in August of 2018 and 15982 was patched in December of 2018.

Also, beyond patching, it’s probably a good idea to limit what kind of browser-based applications you have on your machine. At this point, there is absolutely no reason to have ANY version of Flash Player running on your endpoint.

The web and the world at large have moved completely past Adobe Flash, and running the software at this point only provides a benefit to would-be attackers.

Most of the popular web browsers, including Safari, Firefox, and Chrome, no longer support the software (we’re looking at you, Internet Explorer and Edge), and Adobe itself plans to completely ditch support for it altogether in 2020.

If you’re running Adobe Flash we recommend you remove it entirely.



Carl Keyser is the Content Manager at Integris.
