IE Exploit Incorporated into Notorious AEK, States FireEye

According to FireEye, the attackers behind the Angler Exploit Kit (AEK) recently incorporated a tweaked version of an exploit that abuses a patched use-after-free (UAF) security flaw in Microsoft's Internet Explorer (IE).

Exploit kits are malware packages used chiefly to carry out automated 'drive-by' attacks that distribute malware. They are sold on underground marketplaces and vary widely. Hosted exploit kits available for rent are now also commonplace, which makes the market competitive, with plenty of players and numerous separate developers.

Microsoft patched the security flaw (MS14-056) in last October's Patch Tuesday cycle of fixes; however, attackers have still managed to add the flaw to their attack toolkit. Like the exploits revealed in October 2014, the latest addition to AEK has been reworked to evade MEMPROTECT, IE's mitigation technology.

Dan Caselden, Staff Research Scientist at FireEye, wrote in a post about the flaw's incorporation into Angler that the development was interesting from the attack's perspective, since it mainly dealt with Internet Explorer deployments that relied on MEMPROTECT, introduced in July 2014. He added that the flaw further strengthened the notion that attackers remain keen on hijacking IE, particularly when end users run editions of the browser that are almost five months old.

Recently, researchers at Websense, another security company, described Angler as perhaps an extremely sophisticated attack toolkit in use by cybercriminals today, one that employs several techniques to defeat detection, such as the ability to spot virtualization and anti-virus programs, and encrypted payloads.

Abel Toro, Security Researcher at Websense, said the toolkit led the way in creating techniques that other attack toolkits later began using, such as encrypted dropper files and anti-virus detection, Securityweek.com reported on March 2, 2015.

Moreover, according to Toro, Angler was the fastest to incorporate the most recent 0-day vulnerabilities (the CVE-2015-0311 Adobe Flash 0-day), and it also used a distinct obfuscation technique. Lastly, the malicious program that Angler dropped ran from memory and was not written to the machine's hard drive. That technique made it enormously hard for conventional AV mechanisms to detect the toolkit, since they rely on file-system scanning.

» SPAMfighter News - 3/9/2015
