During daily data mining activities, we observe continual outbreaks of many exploit kits (EK) such as RIG EK. Logs are monitored and analyzed to come up with new protections, which are eventually deployed in the Zscaler cloud. The dynamic nature of EK’s landing page code, presents a constant challenge in providing generic detections. We need to take a look at various aspects of EK’s such as URLs/Domains/IP’s to come up with a generic detection guidance. In this regard, log analysis plays an important role.
more here...........http://research.zscaler.com/2014/09/rig-ek-outbreak-continues.html
more here...........http://research.zscaler.com/2014/09/rig-ek-outbreak-continues.html