2012-09-27 - Evolution

Redkit : No more money ! Traffic US, CA, GB, AU

It looks like the "EULA" has changed for Redkit "customers" in the past 20 days: you can no longer pay with money for this "Exploit Kit as a Service".

Lucky Luke - Go West ! (Turkish Edition)

As written in the internal FAQ :

Мы работаем за 5% трафа. Если у вас в трафе нет US, CA, GB, AU — ваш аккаунт будет заблокирован.
Google Translate : "We work for 5% of the cores. If you do not have cores US, CA, GB, AU - your account will be blocked."

Нет оплаты — мы берем всего 5% вашего трафика
Google Translate : "No payment - we take only 5% of your traffic"

Связка забирает траф или загрузки?
Связка забирает загрузки — в 5% случаев вместо вашего файла грузится наш

Translation by @ComradeDanski (The Malware Lab) : "Does the (exploit) kit take traffic or downloads?
The (exploit) kit takes downloads -- it replaces 5% of your traffic with our file"

A lot of trust is needed from the "customer" !
At the beginning of September, and since at least April, the customer had a choice :

Мы работаем либо за 5% трафа, либо $150 за неделю аренды ($500 за месяц). Если у вас в трафе нет US, CA, GB, AU — то сотрудничество возможно только за $.
Google Translate : "We work for the 5% or cores, or $ 150 per week rent ($ 500 per month). If you do not have cores US, CA, GB, AU - that cooperation is possible only for the $."

One Redkit infection on the 7th of September 2012 :

Redkit infection : Downloader that then goes for encrypted payloads
4.html : 207e6e6d9ee22838fc3972e307591a71

Karagny downloader according to A/Vs. It seems it's the default way for Redkit to drop its payload.

Last message from Redkit's coder.
"I love you, but its business"

Want to read more about Redkit ? 
Red Kit : Lucky Luke in Turkey
Redkit Exploit Kit : Detailed analyses of recent anti-forensics features - Denis Laskov - 2012-09-25
CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo - 2012-08-30
Redkit - one account = one color - 2012-06-22
Redkit not so red anymore - Adaptation in action - 2012-05-08
Inside RedKit Exploit Kit - 2012-05-05
A Wild Exploit Kit Appears... Meet RedKit - Arseny Levin - SpiderLabs - 2012-05-02

<edit1 28/09/12> Translation updated with info given by @ComradeDanski </edit1>