Ponting Posted January 22, 2015

Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin.

We immediately got our hands on this new Zero-Day (thanks Kafeine) and were able to replay it as well with the goal of testing our Anti-Exploit product:

With the latest version of Internet Explorer and latest version of Flash, the exploit was successfully blocked by Malwarebytes Anti-Exploit.

On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host.

As this is a breaking story, we are still analyzing the exploit and will update this post later accordingly.

Update: 01/21/15: Some details about the malware payload.

The payload in this particular instance was ad fraud. Upon infection, explorer.exe (not to be confused with iexplore.exe) is injected and performs the ad fraud calls.

The following Fiddler capture shows how a zombie PC is gaming the ad networks with bogus requests without the victim’s knowledge:

Unfortunately it is very hard to tell apart real users from fake ones and advertisers essentially end up paying for “impressions” or “clicks” where a human being was never involved.

Source: https://blog.malwarebytes.org/exploits-2/2015/01/new-adobe-flash-zero-day-found-in-the-wild/

Ponting Posted January 22, 2015

If you are interested, then please read about Exploit-Kits

steven36 Posted January 22, 2015

More News: New Angler exploit kit includes a Flash zero-Day

The French security expert Kafeine has discovered that an unpatched vulnerability (0day) in Flash Player is being exploited by the Angler Exploit Kit.

The Angler exploit kit is one of the most popular crimeware kits, and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flash zero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploits three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 16.0.0.257) in several versions of Internet Explorer running on Windows 7 and Windows 8.

This new version of the Angler exploit kit also includes the code to exploit two known bugs. The researcher said that he first discovered the exploit for the zero-day in Flash on Wednesday and that it is being used in the wild to install the Bedep malware.

The Bedep malware was already associated in the past with previous versions of the Angler exploit kit; the malicious code is used by bad actors for fraudulent activities. The criminal crew behind the Angler exploit kit has already exploited flaws in the past; in particular its members have always used exploits for freshly patched Flash vulnerabilities, just a few days after Adobe published fixes. Kafeine explained that not all instances of the Angler exploit kit are using the new Flash zero-day exploit, and according to the results of his tests the following browser versions are vulnerable:

Windows XP, IE6 to 9 obviously. Flash 16.0.0.257
Windows 7, IE8, Flash 16.0.0.257 : UA : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Win 8 IE10 with Windows8-RT-KB3008925-x86 (Flash 16.0.0.235) - UA : Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)

Kafeine has verified that IE 10 on Windows 8, IE 8 on Windows 7 and IE 6-9 on Windows XP are all being exploited, while Chrome is safe, as is a fully patched Windows 8.1. Kafeine hasn’t disclosed the MD5 of the new exploit; he suggests disabling Flash Player since the flaw will be fixed.

“Disabling Flash player for some days might be a good idea,” he said.

Adobe declared that it is aware of the new Angler exploit kit and is already investigating it.

Source

steven36 Posted January 22, 2015

It says as long as you're on fully patched 8.1 or using Chrome with Pepper Flash you're OK. But I always keep Flash disabled in Firefox when not using it, and I never use IE anymore because it doesn't have add-ons.

steven36 Posted January 22, 2015

Some More Breaking News by Kafeine

Windows 8.1 Internet Explorer 11 fully updated is now owned as well, https://twitter.com/kafeine/status/558272193797566464

Ponting Posted January 23, 2015

MalwareBytes Anti-Exploit and HitmanPro.Alert block the exploit :showoff:

steven36 Posted January 23, 2015

When I 1st heard the news posted I installed MalwareBytes Anti-Exploit. It's not that I use Flash Player that much, no ways. I watch YouTube like this:
//www.nsaneforums.com/topic/238453-mozilla-firefox-360-beta-1/?p=888436
And I download most other stuff I watch with IDM or torrent.

You could also install the VLC / VLC Web Player plugin and use the VLCTube user script for YouTube; it will replace Flash for YouTube.

A javascript control wrapper for VLC plugin. Replaces Flash player in youtube with the VLC player via the web plugin.
https://greasyfork.org/en/scripts/1783-vlctube

But VLC has a vulnerability in XP only, unless you install a new nightly :lol: :lol:
http://nightlies.videolan.org/build/win32/?C=M;O=D

Vulnerability, vulnerability, they're everywhere :P

VLC say it's a codec issue in XP; maybe many video players have this vulnerability ;)

humble3d Posted January 23, 2015

The Clowns continue to take all the fun out of being online... :rolleyes:

steven36 Posted January 23, 2015

> The Clowns continue to take all the fun out of being online... :rolleyes:

Well, the security experts warned us it was coming. Like Loco Joe says, I always have fun. I'm old, but I'm not that old. I bought my 1st PC in 2001. I've seen much worse attacks and lived. Back in the early 2000s people were so crazy they installed Kazaa and Imesh bundled with spyware to download music and other stuff; almost everyone was infected. It was a pandemic that software developers were spreading to the masses. :lol:

Nowadays it's malware; in the old days it was worms and spyware. The antivirus developers started killing all the attackers' worms so they switched to malware. It's just a more modern form of virus; they've always been around. :)

davmil Posted January 23, 2015

Current Flash is 16.0.0.287. Is it now 'fixed' (at least this exploit)?

steven36 Posted January 23, 2015

> Current Flash is 16.0.0.287. Is it now 'fixed' (at least this exploit)?

No! More info on the update page: //www.nsaneforums.com/topic/238914-adobe-flash-player-1600287/?p=890488

212eta Posted January 23, 2015

It never ends with the Adobe Flash vulnerabilities...

Blud Posted January 23, 2015

> It never ends with the Adobe Flash vulnerabilities...

And never will :/

212eta Posted January 24, 2015

JAVA (= Just Another Vulnerability Added), too.

VileTouch Posted January 24, 2015

> I bought my 1st PC in 2001. I've seen much worse attacks and lived. Back in the early 2000s people were so crazy they installed Kazaa and Imesh bundled with spyware to download music and other stuff; almost everyone was infected. It was a pandemic that software developers were spreading to the masses. :lol:

Now now, you're just making me feel old! I used to battle Dark Avenger, Jerusalem and DIR 2 infestations across whole networks. Talk about running around a building and coordinating with beepers and walkie talkies. Those were the days, har har! Ow!, my back!

steven36 Posted January 24, 2015

> > I bought my 1st PC in 2001. I've seen much worse attacks and lived. Back in the early 2000s people were so crazy they installed Kazaa and Imesh bundled with spyware to download music and other stuff; almost everyone was infected. It was a pandemic that software developers were spreading to the masses. :lol:
>
> Now now, you're just making me feel old! I used to battle Dark Avenger, Jerusalem and DIR 2 infestations across whole networks. Talk about running around a building and coordinating with beepers and walkie talkies. Those were the days, har har! Ow!, my back!

You must be old. By the way, did you ever get your eyes checked... you quoted the wrong person. It was me that said that :wtf:

VileTouch Posted January 24, 2015

> You must be old. By the way, did you ever get your eyes checked... you quoted the wrong person. It was me that said that :wtf:

Oops! Indeed.

CODYQX4 Posted January 25, 2015

3 Updates this week.

This garbage as well as Java can't take a bullet to the head and die fast enough.

At least a hell of a lot less stuff is dependent on Flash though.

voodoochile Posted February 4, 2015

Adobe Flash Player 17.0.0.93 Beta & Adobe Air 17.0.0.96 Beta
//www.nsaneforu...ir-170096-beta/