A new zero-day exploit of Adobe Flash has been uncovered – just one week after Adobe released a patch to fix nine critical security vulnerabilities in its popular and widely used video player software.
An independent security researcher who goes by the name of Kafeine (@kafeine on Twitter) warned that the zero-day flaw has already been incorporated into the Angler EK exploit pack or “crimeware” kit, and is being actively used at the moment. The new zero-day in Angler uses the Bedep distribution botnet, according to Kafeine. “Disabling Flash player for some days might be a good idea,” he suggested in an advisory posting.
Angler is widely used in “crime as a service” offerings. It contains code that can exploit a wide range of vulnerabilities in web-facing software, and it targets in particular popular browser plug-ins, which serve as an entry point for breaking the security of users’ PCs. From there, the operators of the exploit pack can download Trojans, keystroke loggers or any other kind of malware to further compromise the target PC.
Angler, according to Malwarebytes, is one of the most widely used crimeware packages at the moment due to the frequency of updates to the exploit pack, while Flash has become a popular target of choice among crackers. “Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin,” said Jérôme Segura, a senior security researcher at Malwarebytes.
Segura claims that the latest exploit was successfully blocked in a test run by Malwarebytes. On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host.
Upon infection, code is injected into explorer.exe (not to be confused with iexplore.exe), which then performs the ad fraud calls, continued Segura. The exploit kit is currently being used to run online advertising fraud, building a botnet that makes bogus requests for Google Doubleclick adverts without end-users’ knowledge.
The last set of updates from Adobe, released just last Tuesday, addressed security vulnerabilities in Flash Player on all platforms – Windows, Mac OS and Linux. However, Adobe does not have a fix for the new zero-day vulnerability at this time.
