Angler Can Exploit Fresh Zero-Day Vulnerability

The beleaguered Angler exploit toolkit has a new strain of ammunition to employ in attacks known as a novel Adobe Flash zero-day flaw. Threatpost.com reported on 21st January, 2015 stating that the kit is exploiting vulnerability in many versions of Internet Explorer running on Windows 7 and 8 which are not known before.

Kafeine, a French Security Expert, has identified a strain of Angler Kit which is firing exploits for much vulnerability in Flash with two renowned bugs but the difficulty is that the toolkit additionally has an exploit code for what seems to be a zero-day flaw in the new-flanged edition of Flash which is version 16.0.0.257. Threatpost.com reported on 21st January, 2015 quoting Kafeine as saying "I first identified the exploit for the 0-day in Flash and that is being used to install a thread of malware called Bedep."

Older Angler versions have been found to be installing Bedep sometime ago. The malware is used for advertising frauds and it has been exploited by Angler in "fireless" contagions of targeted systems revealed Kafeine.

Interestingly, Angler was more popular having spiked in August thanks to the decision of a developer to nullify the need to download Windows executables to impose malware.

The operators of Angler just showed how serious they are about becoming the de-facto kit for online crime with an added Adobe zero-day. Angler is just one of the popular kits on the criminal market holding its own against Astrum, RIG, Fiesta and Orange. Researchers have highlighted that some of the exploit kits sell for as low as $15,000.

Malwarebytes, a Security firm, has confirmed the validity of the zero-day exploit report which was issued by Kafeine.

Csoonline.com published a report quoting Pedro Bustamante, Director of Special Projects of Malwarebytes, as saying: "The fact is that the zero-day was being used by Angler which shows that cyber thugs are keen to target people en-masse. Usage of a delivery mechanism like Angler amplifies the probability of victorious infections resulting correct attacks through contaminated adverts on high-profile websites."

Adobe declared that it is aware of the flaw and are investigating. In the meantime, Flash should be disabled.

» SPAMfighter News - 1/30/2015