FEBRUARY 15, 2015
Your regular source of security updates from TrendLabs℠
In This Issue

Security Spotlight
Adobe Zero-Day Used in Malvertising

Security for Home Users
Crypto-Ransomware Extortion Goes Global

Security for Business
Targeted Attack Tool Coded 12 Years Ago Still Useful

Security Spotlight

Adobe Zero-Day Used in Malvertising

“Though CVE-2015-0311 has been patched, CVE-2015-0313 still hasn’t. That means Adobe Flash users are still at risk.”

The year has just begun but zero-days are already making headlines. Two bugs (CVE-2015-0311 and CVE-2015-0313) were found in Adobe® Flash® Player. Let’s take a look at how cybercriminals took advantage of these vulnerabilities.

What They Do

The first Flash Player vulnerability can be exploited via malvertisements on certain sites. Clicking the ads on unprotected systems runs an embedded malicious .SWF file that downloads the actual malware. This compromises that system’s security and puts the users’ personal information at risk.

The second vulnerability was exploited in much the same way, though the malvertisements in this case seem to be hosted on Dailymotion, a popular online video-hosting site. The Flash Player version that patched CVE-2015-0311 remained vulnerable to CVE-2015-0313. Note that the site’s content was not the exploitation vector; the advertising platform was.

Both vulnerabilities were exploited with the help of the Angler Exploit Kit.

Angling for Victims

The Angler Exploit Kit has a file-less infection feature. It does not drop its final payload file onto affected systems but decrypts and executes it in the system’s memory.

This obfuscation technique was seen in our analysis of the vulnerabilities. We also saw an increase in Angler Exploit Kit activity as soon as the first vulnerability was discovered.

What You Can Do

While the first vulnerability (CVE-2015-0311) has been patched, the second (CVE-2015-0313) has not. The best thing to do right now is to disable Flash Player on your system until Adobe resolves the situation. If disabling the program is not an option, we strongly recommend using ad-blocking software. You should also use security solutions that block access to malicious sites with ads that can exploit the vulnerabilities.

Copyright ©2015 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.