Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Angler Exploit Kit Loads Up CryptoWall 3.0 ransomware and Flash Flaw

Angler Exploit Kit Loads Up CryptoWall 3.0 ransomware and Flash Flaw

The Angler Exploit Kit (EK) has already established itself as one of the more sophisticated kits on the underground market. However, it is still finding ways to evolve. This week, EK was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previously patched Adobe vulnerability. The attack used common EK obfuscations (SecureSWF) and techniques. The exploit involves a race condition in the shader class in which the width/height of a shader object is asynchronously modified while starting a shader job will result in a memory corruption vulnerability. Angler uses this to execute arbitrary code and infect unpatched users’ systems. Once it is able to infect user systems, criminals can use that access to drop any number of payloads. Recently Angler was found to infect hosts with the CryptoWall ransomware. The malware has evolved and had several dropper features removed from its previous iteration, including multiple exploits and an anti-VM check to prevent it from running in virtual environment. The lack of any exploits in the dropper itself seems to indicate that the malware authors are focusing more on using exploit kits as an attack vector, since the exploit kit’s functionality could be used to gain privilege escalation on the system and this is now clearly being played out in Angler.
Read More:
Info Security
IT Security News
Team Cymru
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis