Recently Fixed Flash Player Flaw Targeted by Magnitude EK

Security firm Trend Micro recently revealed that cybercriminals have added an exploit for a recently-fixed Adobe Flash Player flaw to the infamous Magnitude exploit kit.

Securityweek.com published news on 18th June, 2015 quoting a blog of Peter Pi, Threat Analyst with Trend Micro, as saying "The kit currently contains an exploit for vulnerability CVE-2015-3105 which was patched as a part of update of Adobe's Flash Player early this month. However, despite this update, several users are still using older variants of the software and thus, remain at risk."

Pi says that the kit is using the flaw to tarnish victims with CryptoWall 3.0 which is a particularly contagious piece of ransomware.

Pi blogged: "This is another instance of how cyber crooks quickly take advantage of recently-fixed vulnerabilities via exploit kits. We witnessed a similar instance in March where exploits for Adobe Flash Player flaw were added to the Nuclear Exploit Kit just a week after the fix was released. We have also observed in early June that Flash Player was being hit more often by exploit kits which show that nothing will change soon."

Trend Micro says that the malicious Adobe Flash exploit is identified as SWF_EXPLOIT.MJTE.

Trend Micro acquired the SWF sample which is apparently heavily obfuscated using secureSWF and uses two shaders for the actual exploit code. It permits attackers to spread crypto-ransomware in the systems of their target.

The security firm says that unfortunately users in the US, Canada and the UK are most at risk followed by users of many European countries, Australia and India.

Blog.trendmicro.com published a report on 16th June, 2015 quoting an explanation of Pi as "widely-used exploit kits like Magnitude is often well-maintained with novel vulnerabilities. Our research exposes that Magnitude is one of the most employed exploit kits by cyber crooks along with Angler and SweetOrange."

Pi added that CryptoWall is too an important hazard in and of itself and initially in 2014 we observed CryptoWall spreading via spam and again later this year partnered with FAREIT which is an information stealing malware.

Trend Micro concluded that they recommend users to remain updated with the latest version of Flash Player.

» SPAMfighter News - 6/26/2015