Last week we noticed that Sundown Exploit Kit (EK) was distributing a banking trojan. Upon further investigation we discovered that the banking trojan was a new version of Zeus Panda. This malware has previously been delivered by the Angler, Nuclear and Neutrino EKs.Sundown EK Landing Page
The Sundown EK landing page obfuscation has undergone several evolutions recently, indicating that the developer is highly active. An example of the landing page from July 25, 2016 was as below.
The exploits used by Sundown are dynamically written onto the page from the base64-encoded content on the landing page.... Read more