Underminer Exploit Kit: How Tenable Can Help

Tenable Research

The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best practices.

Contrary to popular belief, the exploit kit is not dead yet. “Underminer,” an exploit kit named and discovered by Trend Micro, is having widespread impact in Asian countries, particularly Japan. Its nefarious bootkit affects the system’s boot sectors and delivers the coin mining payload named Hidden Mellifera.

While the continued decline of Adobe Flash has led to a reduction in the prevalence of Exploit Kits, enterprises need to remember this attack vector remains a real problem. Underminer is quite sophisticated and has many of the capabilities utilized by other problematic exploit kits, including user-agent/browser profiling to determine Flash Player version and cookie detection to prevent repeated exploit site visits. In addition, RSA encryption of traffic is utilized prior to exploitation.

The following diagram from Trend Micro provides a useful high-level view of the stages and vectors of Underminer:

Source: Trend Micro, https://blog.trendmicro.com/trendlabs-security-intelligence/files/2018/07/underminer-exploit-kit-4.png.

As of 4:45 am EDT on July 27, the antivirus (AV) programs tested by VirusTotal have very limited coverage of the provided SHA-256 checksums (3/40). However, that’s bound to change with time and is likely due to the localized exploitation. Thankfully, mitigation is relatively simple and involves patching and other well-known security best practices, such as preventing unnecessary browser plugins, good firewall hygiene, antivirus updates, user awareness and so on.

Antivirus programs tested by VirusTotal

VirusTotal Underminer

Source: VirusTotal, https://www.virustotal.com/#/file/a795deaa2d1c1f2d9426a8c28791111e0192ffad14d086b51bc61c8e16008b63/detection.

Tenable’s Coverage for Underminer Exploit Kit

CVE

Plugin ID

Description

CVE-2015-5119

84641

Adobe AIR

CVE-2015-5119

84642

Adobe Flash Player

CVE-2015-5119

84667

Google Chrome

CVE-2015-5119

84645

MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

CVE-2016-0189

91001

MS16-051: Cumulative Security Update for Internet Explorer (3155533)

CVE-2016-0189

91003

MS16-053: Cumulative Security Update for JScript and VBScript (3156764)

CVE-2018-4878

106606

Adobe Flash Player

CVE-2018-4878

106655

KB4074595: Security update for Adobe Flash Player (February 2018)

Additional Information:

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Jul 31, 2018

People also viewed

API Delivery Engineer

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Professional Services Professional Services
Your Role:Assist in the deployment and configuration of Tenable solutions within client organisations. The consultant will provide technical support, preparation and documentation to clients as part of a small delivery team. The consultant will in...

Principal Research Engineer

Paris Paris France Paris, France Sensors Research & Development
Your Opportunity:As the Cyber Exposure market leader Tenable is looking for a passionate and talented Principal Researcher for its Tenable Research team. Tenable Research is significant and growing global security research team consisting of rever...

Security Consultant - API

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Professional Services Professional Services
Your Role:Tenable’s Global Professional Services organization performs Tenable product installation, configuration, customizations, and security audits for our clients, and is looking to hire a security consultant with expertise developing scripts...

Field Product Manager

Seattle Washington United States 5th Ave, Seattle, Washington, United States, 98101 Product Management Research & Development
Your Role:The Field Product Manager  supports and works with Product Management, Engineering, Product Marketing, Sales, and other internal teams to guide on how Tenable products and services could be used to best suit customer needs. This supporti...

Technical Product Manager - Cloud Services

New York New York United States Broadway, New York, United States, 10012 Product Management Research & Development
Your Role:Tenable is looking for a Technical Product Manager - Cloud Services, responsible for driving the product strategy and management of our cloud services, platform infrastructure, and public APIs. This full-stack PMrole is expected to be sk...

Sr. UI Engineer

Los Angeles California United States West Jefferson Boulevard, Playa Vista, Los Angeles, California, United States, 90066 Cloud Platforms Research & Development
Your Role:Tenable is looking for an extraordinary Senior UI Engineer to join the Tenable.io Engineering team. This is an opportunity to make a high impact while helping the team deliver on a next-generation enterprise web application. The ideal ca...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.