The "Angler" exploit kit is a tool frequently used in drive-by download attacks to probe the browser for different vulnerabilities, and then exploit them to install malware. The exploit kit is very flexible and new exploits are added to it constantly.
However, the blog post below shows how this exploit kit is currently using an unpatched Flash 0-day to install malware. Current versions of Windows (e.g. Window 8 + IE 10) appear to be vulnerable. Windows 8.1, or Google Chrome do not appear to be vulnerable.
This is still a developing story, but typically we see these exploits more in targeted attacks, not in widely used exploit kits. This flaw could affect a large number of users very quickly. Please refer to the original blog for details.
[1] http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
---
'malware ' 카테고리의 다른 글
| Flash Greets 2015 With New Zero-Day (0) | 2015.01.23 |
|---|---|
| AVM FRITZ!Box: Firmware Signature Bypass (0) | 2015.01.22 |
| Reversing the Inception APT malware (0) | 2015.01.21 |
| Hacktivist Group CyberBerkut Behind Attacks on German Official Websites (0) | 2015.01.21 |
| PlugX Malware Found in Official Releases of League of Legends, Path of Exile (0) | 2015.01.21 |