Angling for a piece of Flash

 In ITC's Threat of the Week

A couple of weeks ago we talked about (yet another) vulnerability in our old friend Adobe Flash, which was being exploited in the wild.

As many of you will know, this was patched on May 10th 2016 (a nice birthday present for me, thank you Adobe). What you will probably also know is that many, many people, possibly even some of your users and especially the BYOD brigade, have not upgraded Flash as they should; after all, we are in a proper ‘crying wolf’ saga with Adobe.

This has now become a very serious issue. The immensely talented people over at Malwarebytes, together with the people at Proofpoint, have revealed a huge new malvertising campaign which targets the aforementioned Flash vulnerability and uses it to serve up the Angler exploit kit, together with Angler’s really nasty CRYPTXXX ransomware.

Here are some things to be aware of:

  • The attack is highly targeted, using fingerprinting to establish a viable victim
  • The user is redirected via Rocket Fuel’s rfihub.com rather than the Google DoubleClick redirector. The downloaded package is encrypted and very hard to spot
  • The top ten websites identified by Malwarebytes are:
    • dailymotion.com
    • kijiji.ca
    • vodlocker.com
    • answers.com
    • cda.pl
    • cbssports.com
    • m.mlb.com
    • legacy.com
    • thechive.com
    • cbs.com

If you are interested in the mechanics of the infection, Jerome Segura of Malwarebytes has posted this fantastic article here.

The time for complacency is over. It is imperative that all machines under your control have Flash patched up to date.

We recommend that you inspect all machines connected to your network and, if they are not up to date, bar them or move them to a safe dark place until they get better. We can help you do this automatically by using tools and processes embedded in our NetSure360° managed service.

We were very interested to see the UK Government’s prospectus for the National Cyber Security Centre, a facility to encourage and promote knowledge sharing and best practices, due to be launched in autumn.

This programme and associated increased national investment in cyber security can only be a good thing. The prospectus looks great. Let’s hope the walk matches the talk.

If you have 30 minutes to spare, have a look here.

But please only do that if you are sure that your blumming Flash is up to date.

Author: Kevin Whelan
