Security Experts:

Connect with us

Hi, what are you looking for?



New “Disdain” Exploit Kit Spotted on Underground Forums

A new exploit kit (EK) has emerged recently on underground forums, where a malware developer is advertising it starting at just $80.

A new exploit kit (EK) has emerged recently on underground forums, where a malware developer is advertising it starting at just $80.

Called Disdain and discovered by malware analyst David Montenegro, the toolkit is available for rent on a daily, weekly, or monthly basis, priced at $80, $500, and $1,400, respectively. Security researchers have already managed to track the advert for the EK and learn more about its alleged capabilities.

According to Disdain’s author, the main features of the toolkit include domain rotator, RSA key exchange for exploits, panel server untraceable from payload server, geolocation, browser & IP tracking, and domain scanning capabilities.

The malware developer claims the toolkit can exploit over a dozen vulnerabilities in Firefox (CVE-2017-5375, CVE-2016-9078, CVE-2014-8636, CVE-2014-1510, CVE-2013-1710), Internet Explorer (CVE-2017-0037, CVE-2016-7200 (Edge as well), CVE-2016-0189, CVE-2015-2419, CVE-2014-6332, CVE-2013-2551), Flash (CVE-2016-4117, CVE-2016-1019, CVE-2015-5119), and Cisco Web Ex (CVE-2017-3823).

There has not been a malware distribution campaign fueled by this exploit kit found to date, likely because Disdain hasn’t been around long enough to prove it is a viable tool. Furthermore, its author, who goes by the name of Cehceny, doesn’t have a good reputation among cybercriminals and is considered a scammer on at least one underground hacking forum, BleepingComputer notes.

Although no botnet or malvertising campaign is redirecting traffic to Disdain’s landing pages at the moment, the toolkit could turn into a major threat if miscreants start employing it. As soon as users are redirected to one of the exploit kit’s pages, the toolkit can scan the potential victim’s browser and attempt to exploit one of the discovered vulnerabilities to install malware.

Disdain includes a large number of new exploits, which could help it gain traction, especially since the exploit kit landscape has been greatly shaken over the past year, starting with Angler and Nuclear, both of which went down in the first half of last year.

Exploit kit activity this year has been only a fraction of what it was in early 2016, and continues to diminish as more toolkits are taken down and very few new players observed. Cybercriminals, however, are turning to other methods of distributing malware, including spam emails  and other types of attacks.

Related: Terror Exploit Kit Rising as Sundown Disappears

Related: New Terror Exploit Kit Emerges

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.