Crooks Exploit Microsoft Silverlight Vulnerabilities to Infect Netflix Surfers

Netflix, a website, contains material numerous Web-surfers download onto their PCs. To run this website inside users' browsers, a plug-in is used which is known as Microsoft Silverlight. Evidently vulnerabilities exists in this plug-in which cyber-criminals are exploiting for circumventing security solutions, warn security researchers, thus published tomsguide.com dated May 20, 2014.

Cisco the networking giant that discovered the assaults describes how one fresh online scam is resorting to bogus ads to execute the assaults while abusing the Silverlight flaws for planting malware onto peoples' PCs.

Silverlight, very much like Adobe Flash, happens to be the plug-in from Microsoft that helps pour out media inside Web-browsers as well as is probably typically recognized as being utilized within the streaming video function of Netflix.

For abusing Silverlight, cyber-criminals are employing methods that likely appear complicated; however, are simple when put to use. So to begin, crooks first impregnate AppNexus' corporate networks. Based in New York, AppNexus is an online ad firm. The infiltration process is aimed at installing certain malevolent advertisements all over the Web.

In case anyone hits open any malevolent advertisement from the total mentioned, he'll have his Web-browser diverted onto one hijacked site, which will further divert him onto a landing page of Angler.

This assault page on Angler stacks one Silverlight exploit, which bundles twin vulnerabilities. Incase the vulnerabilities are successfully abused; one PC-Trojan gets installed to communicate with a Brazil-based distant server.

Cisco researchers report that the Silverlight attack code utilized within the Angler assault has already contaminated a good 10% of end-users who landed on the above mentioned attack page.

According to Technical Lead Levi Gundert for the Threat Research Team of Cisco Systems, the existing Silverlight attack codes should spread via other exploit packages soon, as cyber-attackers replicate each other's code as well as publish updates.

Exploit packages yield plentiful revenue to attackers owning and employing them, no matter if they're bought alternatively just hired in. Following Blackhole attack toolkit creator's arrest, creators of other attack toolkits are doing everything possible for maintaining the monetary advantages they've acquired following Blackhole's downfall, explain the researchers.

» SPAMfighter News - 6/5/2014