A new zero-day vulnerability that affects Adobe Flash has been discovered, and is already being exploited by cybercriminals. One of the samples obtained by Trend Micro's Smart Protection Network shows that it's the same zero-day exploit that security researcher Kafeine had reported only hours earlier.
A quick summary of the most important details about this particular vulnerability:
- It is affecting the latest versions of Adobe Flash Player.
- It is being exploited to install malware onto vulnerable systems.
- The exploit kit being used in this particular instance is identified as the Angler exploit kit that uses new techniques to hide its malicious routines.
- By tracking the most recent victims of the Angler Exploit kit, we believe that most of this vulnerability’s victims come from the US (84%) with a handful coming from Australia and Taiwan (9% and 5% respectively).
- Based on attacks seen so far, the installed malware’s main function is to perform ad fraud against ad networks.
“Vulnerabilities are found all the time. But usually vulnerabilities are fixed with a patch when they’re found, before attackers can target them. As long as you keep your system up-to-date, you’re protected against most vulnerabilities. What makes this situation serious is that researchers, including our TrendLabs researchers, have discovered that attackers found this vulnerability first and have been attacking it before a patch is available: this kind of situation is called a “zero-day” situation, because defenders have “zero days” to protect against attacks. This means even if you keep your system up-to-date, you’re still at risk of attack until Adobe releases a patch,” commented Christopher Budd, global threat communications manager with Trend Micro.
What is ad (advertisement) fraud? Ad fraud is done by a program designed to automatically click on certain ads on a certain website, artificially inflating the number of clicks those ads get. Since ad networks pay the owner of the website hosting their ads based on the number of clicks each ad gets, ad fraud games the system by tricking the ad network into paying more.
This may sound harmless as it doesn’t necessarily affect users, but the fact that it does install malware onto your system, which in turn may download and install other, more damaging and harmful malware onto your system, makes this particular vulnerability something to be aware of.
[From the Security Intelligence Blog: Flash Greets 2015 With Zero-Day]
A patch to address this vulnerability hasn't been released. In the meantime, users can turn Adobe Flash Player off. It has also been noted that Chrome's Flash Player plugin and Firefox are not affected by this threat.
January 25 Update: The exploit now targets Firefox, along with Internet Explorer. Chrome is still unaffected. Users who can't disable Flash Player can consider installing ad blocking software or browser extensions.