At least one version of the Angler exploit kit is using drive-by attacks to hit a newly-discovered zero-day vulnerability in Adobe Flash player, security researcher Kafeine has revealed.
Made public earlier this week and now designated the identifier CVE-2015-0310, the Flash versions affected include Windows XP IE6-8 on all versions up to 126.96.36.1997, Windows 7 on IE8 up to 188.8.131.527, Win 8 on IE10 up to 184.108.40.2067.
Chrome, Firefox and IE11 running on a fully updated Windows 8.1 might be vulnerable but don’t seem to have been targeted yet.
This is a straight criminal exploit for profit – the Bedep Trojan served calls bot malware that carries out ad fraud behind the user’s back. It could, of course, be used for to download anything and so this is not the limit of its ambitions.
In the absence of a patch – one isn’t likely for some days at least – users could disable Flash player or perhaps use a free tool such as Malwarebytes’ Anti-Exploit whose official launch was covered by Techworld last June.
According to Kafeine, this program definitely stops the zero day in its tracks. Although other software might also stop it this is excellent validation for the technology behind Anti-Exploit.
“The zero-day vulnerability in Flash Player could provide a big security risk for Internet users, effectively opening an unguarded window onto PCs worldwide.
“The danger of any zero-day is that there is no patch in existence, so I would recommend caution from web-users until a confirmation and update is issued,” said Malwarebytes’ director of special projects, Pedro Bustamente, who also led the team the developed the software before it was bought by the US security firm.
“We would also urge people to update security software and download Malwarebytes Anti-Exploit Free which, as pointed out by Kafeine, protects against this attack,” he said.
“Using a delivery mechanism such as Angler increases the chance of successful infections, allowing for accurate attacks through infected adverts on high traffic websites.”
Earlier this week, the latest figures from security analysis form Secunia revealed that Flash 15x remains the commonest 'end of life' program found on the US-based PC of its customers. Later versions are, however, quite well patched. In November, Adobe offered 18 patches for the software in one go.