Danger level 6
Type: Other

Nebula Exploit Kit

The number of Exploit Kits is constantly rising. When one disappears, another soon replaces it. According to researchers, Nebula Exploit Kit could be a new variant of Sundown Exploit Kit. It was first detected in February 2017, but it is still used as a malicious toolkit to this day. Specifically, it is used to identify vulnerabilities in users’ web browsers and/or their plugins. Specialists say that it usually exploits well-known vulnerabilities, e.g. CVE-2013-2551, CVE-2016-0189, CVE-2015-8651, and others. In most cases, cyber criminals use this Exploit Kit to drop a malicious payload on victims’ computers.

It should be noted that Nebula Exploit Kit is not available for free. Cyber criminals who want to use it need to pay: $100 for 24 hours, $600 for a 7-day subscription, and $2000 for the entire month (31 days). Nebula Exploit Kit is not malware itself, so it does not have any components that could be removed. Users only need to delete the payloads dropped on their systems. Theoretically, the payload might be any malicious application, so we cannot promise that cleaning the system will be easy.

Nebula Exploit Kit is one of many Exploit Kits. It shares similarities with Angler, RIG, Neutrino, and Terror Exploit Kits because they utilize the same vulnerabilities. As research has shown, it works as a service. That is, it can be rented by anyone ready to pay money for it. It has been observed that the majority of subscribers of Nebula Exploit Kit use it to upload threats onto computers based in Europe. Once cyber criminals purchase it, they upload it to web servers. Then, they spread the malicious link via spam, advertise it on legitimate websites, e.g. Internet forums, and use other methods to trick users into clicking on it. Once a user clicks, Nebula Exploit Kit immediately scans the browser in use and/or its plugins (e.g. Java and Adobe Flash) for vulnerabilities that could be used to drop the malicious payload. The malicious website might also check your geographic location so that it could download and execute the specific payload depending on the malware campaign. It has been observed that Nebula Exploit Kit distributes Pitou, DiamondFox, Gootkit, and Ramnit malicious applications, but, of course, this list might be longer.

Most likely, Nebula Exploit Kit is promoted mainly on Dark Web forums. It is presented as an Exploit Kit having the following features:

  • Automatic domain scanning and generating
  • Clean and modern user interface
  • Custom domains & server
  • Multiple payload file types supported (exe, dll, js, vbs)
  • Public stats by file & flow
  • Latest CVE-2016 and CVE-2017
  • Exploit rate tested in different traffic go up 8/19%

These are not all the features it has, of course, but there is no doubt that it is quite sophisticated. Because of this, the chances are high that its popularity will not stop growing anytime soon.

If you suspect that the malicious payload could have been dropped by Nebula Exploit Kit and executed on your system, inspect all applications active on your computer. Unfortunately, we cannot promise that you will find malware on your PC easily because harmful threats are capable of hiding well on victims’ computers. Specialists say that the malicious payload might be any malicious application, including ransomware, backdoors, Trojans, etc. As mentioned previously in this report, the payload might depend on the specific campaign and even the victim’s geographic location. In any event, malicious software must be deleted fully as soon as possible.
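An added example, not part of the original report: the feature list above names exe, dll, js and vbs as supported payload types, so this Python script triages a directory for them and classifies executables by their PE header rather than by file name, so a renamed payload is still caught. The function names, the sample files (constructed in a temporary directory) and the choice of directory to scan are assumptions; the report does not say where payloads are written.

```python
import os, pathlib, struct, tempfile

# Payload types named in the kit's feature list (exe, dll, js, vbs)
PE_EXTS, SCRIPT_EXTS = {".exe", ".dll"}, {".js", ".vbs"}

def pe_kind(head):
    """Classify leading file bytes by PE header: returns 'exe', 'dll' or None."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(head) or head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", head, e_lfanew + 22)  # COFF Characteristics
    return "dll" if flags & 0x2000 else "exe"  # 0x2000 = IMAGE_FILE_DLL

def triage(root):
    """Return sorted (name, type, disguised) tuples for payload-type files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                with open(os.path.join(dirpath, name), "rb") as f:
                    head = f.read(4096)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            ext = os.path.splitext(name)[1].lower()
            kind = pe_kind(head)
            if kind:  # a PE file without an .exe/.dll name is flagged as disguised
                hits.append((name, kind, ext not in PE_EXTS))
            elif ext in SCRIPT_EXTS:
                hits.append((name, ext[1:], False))
    return sorted(hits)

def _fake_pe(is_dll):
    """Constructed sample: DOS header, PE signature and COFF header only."""
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, 0x2002 if is_dll else 0x0002)
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + coff

def demo():
    with tempfile.TemporaryDirectory() as d:
        samples = {"update.exe": _fake_pe(False), "helper.dll": _fake_pe(True),
                   "invoice.jpg": _fake_pe(False), "run.vbs": b"' constructed\r\n",
                   "notes.txt": b"MZ alone is not a PE file"}
        for name, data in samples.items():
            pathlib.Path(d, name).write_bytes(data)
        return triage(d)

if __name__ == "__main__":
    print(demo())
```

A hit from `triage()` is a lead to check with the antimalware scan, not a verdict: legitimate software also writes these file types.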

Nebula Exploit Kit might drop ransomware, Trojans, and other harmful threats on users’ computers. They are not only dropped on victims’ PCs without their knowledge, but they often perform activities in the background as well, so you might not even know about the entrance of malicious software. Even if you discover malware on the system yourself, we do not think that you could delete it fully on your own because Nebula Exploit Kit is usually closely associated with serious malware. To clean your system, perform a system scan with an antimalware scanner instead. The step-by-step instructions below this report will help you download one from the web.

Remove malware from your PC

  1. Open your web browser.
  2. Type http://www.pcthreat.com/download-sph in the URL bar and press Enter.
  3. Click Save File.
  4. Open the installer and install an antimalware scanner.
  5. Launch it and perform a system scan with it.