Published on May 21st, 2014 📆 | 6207 Views ⚑
Criminals Target Netflix Users Via Microsoft Silverlight Exploits
A recent Angler Exploit Campaign
has been spotted
by the Cisco researcher spiked since April 23, targeting Microsoft’s Silverlight by imposing the exploits on the infected systems. The Exploit Kit in this campaign also hosts exploits for Flash and Java, but it doesn't trigger them, which at a time was one of the widely targeted platform by the exploit kits developers.
"Exploit kit owners are adding Silverlight to their update releases, and since 23 April we have observed substantial traffic - often from malvertising - being driven to Angler instances partially using Silverlight exploits," said Gundert, the lead threat researcher at Cisco.
The cyber criminals are infiltrating the Advertising Networks with malvertising to redirect victims to the hundreds of malicious websites hosting the Angler Exploit Kit, where the actual attack comes into play by silently launching Silverlight exploits against the infected system.
Till now, The Exploit Kit (EK) developers were targeting the vulnerabilities in Adobe Flash and Oracle Java, but as the public awareness and pathing efforts of both the two firms has increased, the malware developers have switched to the Microsoft’s Silverlight.
“Java and Flash have been heavily exploited over the years, and vendors are getting good at writing engines that detect vulnerabilities in those libraries,” said the Cisco researcher Craig Williams. “Silverlight has not been exploited much. There are some limited CVEs, but few are widespread. What we may be seeing here is a tipping point where Java exploits are being detected and what other formats can hackers take advantage of.”
Levi Gundert , Technical lead at Cisco Threat Research observed that the Angler campaign exploits two known Silverlight vulnerabilities i.e.
- CVE-2013-0074 - which gives attackers the ability to remotely execute malicious code
- CVE-2013-3896 - it allows to bypass Data Execution Prevention (DEP), a security mitigation added to most Microsoft applications.
"We should expect these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates," Gundert wrote.
Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October, 2021."
The security firm didn't expose the names of compromised websites serving the exploit kit. The Angler exploit kit managers were expected to be of the same group that was behind the infamous Reveton ransomware.