Bow Chicka Bow - Woah! Flash Exploit Does A Porno

I think it's pretty well understood that "adult" websites have more than their fair share of malware lurking in the background. It's also pretty well understood that Adobe Flash's "security" is pretty horrible and frequently needs patching. Put those two together, and you have a match made in, well, not heaven.

Yesterday, [Adobe] issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit).
To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year.

This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn hounds. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites.

No comments:

Post a Comment