eScan sinkholes malware domains belonging to Styx EK and SweetOrange EK

Sharath Kumar

MUMBAI, INDIA: Malware domains belonging to Styx EK and SweetOrange EK, which delivered ZBOT and ZeroAccess type malware, are one of the major threats faced by enterprises. This malware can gain a foothold and start targeting systems to steal information and insert web-injects, among other things.

Now, anti-virus company eScan has detected this malware and sinkholed the domains serving it.

Govind Rammurthy, managing director of eScan, said: "Exploit kits are one of the major threats faced by IT users across all verticals and segments today. The Exploit Kit packs contain malicious programs that are used to carry out automated Drive-by-Download attacks with an aim to spread malware. Legitimate websites are hacked by cyber criminals and malicious code is injected to detect and exploit vulnerabilities of the applications installed on your computer so as to install malicious software that has the capability to compromise the security of all the data on the affected device. At eScan, our research team continuously works to ensure a secure computing experience for IT users. We are proud that our efforts are helping ensure cyber security for our customers."

eScan research pointed out that the malware attacks are carried out through the Drive-by-Download method and primarily use Java / Java applets to initiate the infection. Domains are specifically registered by the bad actors, and servers are hosted to serve the malware. The payloads may vary from password stealers to DDoS bots.

For the past few months, after actively pursuing SweetOrange EK and Styx EK, the research process allowed eScan to discover the domains used by these Exploit Kits (EK) at a consistent rate. Once a malicious domain was identified, eScan initiated a thorough investigation of all the domains associated with this malware campaign.

Apart from this, eScan coordinated with the domain registrar, PublicDomainRegistry (PDR), and provided them with all the necessary evidence, which assisted the compliance team of PDR in suspending these malicious domains. This resulted in the take-down of more than 1600 domains. The time dedicated by the research team at eScan to complete this operation was between 72 hours and 10 days.

eScan provides its customers with heuristic scanners that detect such Drive-by-Download malware at the initial stages of the attack. Customers can take advantage of the free eScanAV Anti-Virus Toolkit (MWAV), which scans for and cleans viruses, spyware, adware and any other malware that may have infected your computer, from the link below.

The eScan release said that the eScanAV Anti-Virus Toolkit (MWAV) requires no installation and can be run directly from anywhere, on your computer, a USB drive or a CD-ROM, even if you already have other anti-virus software installed on your computer. The eScanAV Anti-Virus Toolkit (MWAV) is also updated on a daily basis to detect recently released spyware and adware, and the engine is constantly being improved for faster and more intelligent detection.