Jump to content
Worm64

New Adobe Flash Zero-Day found in the Wild

Recommended Posts

Posted (edited)

Flash0day-965x395.png

Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin.

We immediately got our hands on this new Zero-Day (thanks Kafeine) and were able to replay it as well with the goal of testing our Anti-Exploit product:

MarcinZeroDay-1024x758.png

Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin.

We immediately got our hands on this new Zero-Day (thanks Kafeine) and were able to replay it as well with the goal of testing our Anti-Exploit product:

MarcinZeroDay

With the latest version of Internet Explorer and latest version of Flash, the exploit was successfully blocked by Malwarebytes Anti-Exploit.

On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host.

As this is a breaking story, we are still analyzing the exploit and will update this post later accordingly.

Update: 01/21/15: Some details about the malware payload.

The payload in this particular instance was ad fraud. Upon infection, explorer.exe (not to be confused with iexplore.exe) is injected and performs the ad fraud calls.

The following Fiddler capture shows how a zombie PC is gaming the ad networks with bogus requests without the victim’s knowledge:

adfraud_traffic.png

sursa:Malwarebytes team

Edited by Worm64

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...