Only some instances of the Angler Exploit Kit are targeting the latest flaw.
Kafeine, a well-known malware researcher, is reporting that the Angler Exploit Kit has started targeting a new vulnerability in Adobe’s Flash Player. The malicious payload isn’t being used by all Angler instances, but at least one is targeting version 188.8.131.527, the current release.
According to a recent report from Malwarebytes, exploit kits are one of the fastest-growing threats online, as they’re able to leverage the inherent trust that people place in the websites they regularly visit. Not that long ago, a single exploit kit on a well-visited website infected 6,000 people in just 30 minutes, the report noted.
Modular by design, exploit kits can be updated on the fly to target the latest vulnerabilities in Flash, Internet Explorer, Adobe Reader, and Java.
Angler is just one of the popular kits on the criminal market, holding its own against RIG, Astrum, Sweet Orange, and Fiesta.
In a statement, Pedro Bustamante, the director of Special Projects at Malwarebytes, said the fact that the zero-day was being used by Angler shows that criminals are keen to target people en masse.
“Using a delivery mechanism such as Angler increases the chance of successful infections, allowing for accurate attacks through infected adverts on high traffic websites,” Bustamante’s statement added.
The zero-day was observed during a drive-by attack, and Kafeine says the payload is focused on Internet Explorer.
Testing has confirmed that the attack targets Windows XP (IE versions 6-9), Windows 7 (IE 8), and Windows 8 (IE 10). However, Windows 8.1 isn’t being targeted. Likewise, Chrome users are being ignored by the payload delivery script.
A spokesperson from Adobe said that the company is aware of the zero-day reports and investigating the claims.