angler


Angler Exploit Kit's Last Heartbeat? [UPDATE: 15/JUN/2016]

Angler Exploit Kit (EK), one of the most advanced and prevalent exploit kits, appears to no longer be active. Only this month it was reported that Angler had introduced a new bypass for Microsoft's EMET so the sudden disappearance of the kit is unexpected.

MissMalini Celebrity Site Awards Admedia Gate & Angler Exploit Kit during the Oscars

On 29/FEB/16 Forcepoint researchers saw that the popular entertainment news site missmalini[.]com was compromised and redirecting to a malicious web site. The timing coincides with awards ceremonies such as The Oscars, so users are likely to be searching for celebrity news. The infection chain we analysed resulted in our system being silently exploited by Angler Exploit Kit (EK). The Teslacrypt crypto-ransomware was then dropped and executed on our test machine.

Top 20 Airline Travel Site Yatra.com Victim to Malvertizing Attack - Redirects Users to Angler EK & Bedep Malware

The popular airline travel site yatra[.]com is currently (01 Feb 2016) redirecting users to Angler Exploit Kit (EK) via a compromised advertising script. The millions of users per month browsing to the yatra[.]com homepage are currently exposed to being redirected to code that silently drops and executes malware in the background by exploiting one of the latest Flash Player vulnerabilities.


Popular Site Leads To Angler EK & CVE-2015-8651 Flash Player Exploit

Forcepoint Security Labs™ identified this week that a well-known transport company's website had been compromised. We discovered that it was redirecting users to Angler Exploit Kit (EK). Forcepoint informed the company, who were quick to respond and address the issue. Users browsing to the site were exposed to malware being silently dropped onto their system and executed in the background. When we analyzed the infection we saw that users were being redirected to Angler EK, which was then exploiting CVE-2015-8651, affecting Adobe Flash Player versions up to 20.0.0.228 and 20.0.0.235.

An Early Christmas Present Exploits CVE-2015-8446 and Drops CryptoWall 4.0

Today, we came across a website providing free Christmas graphics along with an early but unwanted Christmas present. The website christmas-graphics-plus[.]com is injected with malicious code that leads users on a virtual sleigh ride to Angler Exploit Kit (EK) and drops the new CryptoWall 4.0 ransomware. If you were to visit this grotto, then all of your documents would be encrypted and held to ransom - including your Christmas card address book. The real Nightmare Before Christmas.

Large Malvertising Campaign Leads to Angler EK & Bunitu Malware

Websense® Security Labs™ researchers have been monitoring a mass-scale malvertising campaign that leads to Angler Exploit Kit. The attack has affected users browsing to many popular sites, including CNN Indonesia, the official website of Prague Airport, Detik, AASTOCKS, RTL Television Croatia, and the Bejeweled Blitz game on Facebook.

Turn $1 into $100 right away…..Your personal files are encrypted!

Those are the five words that no one wants to see pop up on their screen. Websense® Security Labs™ researchers have identified an interesting tactic in the proliferation of Crypto ransomware.

Andromeda – An attack kill chain analysis

The Andromeda botnet, initially discovered in late 2011, is a highly modular platform for malicious activity. While it consists of key loggers, rootkits, anti-VM, anti-debugging and proxy features, it is mostly used as a method to establish a reliable backdoor to further deliver additional malware.

Angler Exploit Kit – Operating at the Cutting Edge

As we promised in one of our previous blog posts about exploit kits (Nuclear EK), we are going to take a more in-depth look at Angler Exploit Kit. Angler EK is possibly the most sophisticated exploit kit currently used by cybercriminals. It has pioneered techniques that other exploit kits later adopted, such as antivirus detection and encrypted dropper files.

Flash forward – Angler, here we come

As mentioned in the post, “Happy Nucl(y)ear - Evolution of an Exploit Kit”, we were planning to discuss the Angler exploit kit in detail in an upcoming post.
