Angler exploit kit starts wielding Silverlight exploits
Posted on 20.05.2014
"Silverlight exploits are the drive-by flavor of the month," claim Cisco researchers. "Exploit Kit owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from malvertising) being driven to Angler instances partially using Silverlight exploits."

Vulnerabilities in Adobe Flash and Oracle Java have long been preferred targets of exploit kit developers, but as those two firms have been increasingly improving their patching efforts, the malware developers have realized that Silverlight users also make good potential targets.

Silverlight, the framework for writing and running rich Internet applications that Microsoft created as an alternative to Adobe's Flash, has not, so far, surpassed the latter when it comes to user numbers. Still, it has been used to provide video streaming for many high profile events and is currently used by popular video streaming service Netflix.

Cisco threat researcher Levi Gundert shared some details about a recent Angler campaign that was aimed at exploiting specifically Flash and Silverlight vulnerabilities.

It started, predictably, with malicious ads being served on several high profile (but currently unnamed) websites. The ads would redirect users through a series of websites, and finally land them on sites hosting the Angler EK.



The JavaScript served by the exploit kit would load a specially crafted, encrypted Silverlight file that would exploit a memory disclosure vulnerability in the public WriteableBitmap class (CVE-2013-3896) and drop the malicious payload - in this case, a Trojan that connects to a remote host located in Brazil.

Exploit packs bring a lot of money to their owners, whether they are bought or simply rented by attackers. In the wake of the arrest of the creator of the infamous Blackhole exploit kit, other exploit kit makers are eager to keep the market share they have gained with Blackhole's downfall.

They can be expected to diversify the exploits used, and add some for Silverlight vulnerabilities.

"Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October, 2021," noted Gundert.

Users cannot hope to avoid malicious ads forever, but they can keep themselves reasonably safe by always keeping their software updated.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.