Adobe Flash Player is again the target of a zero-day exploit that has appeared in the wild, abusing a critical vulnerability that enables drive-by-download attacks. A malvertising-based attack built on the exploit appears to be widespread in the U.S.
The flaw is present in Adobe Flash Player 126.96.36.1996 and earlier versions for Windows and Mac, and it affects systems running Internet Explorer and Firefox on Windows 8.1 and below. Exploitation causes system crashes and could permit attackers to take control of the system, Adobe says.
Trend Micro reported that visitors to the well-known site “dailymotion.com” were redirected through a series of sites that ended at the URL hxxp://www.retilio.com/skillt.swf, where the exploit itself is hosted. Infection occurs automatically when users visit a site, because the advertisements are designed to load as soon as the site is visited.
The firm reported that its initial analysis indicated the attack might have been carried out with the Angler Exploit Kit, since the obfuscation techniques and infection chains match. The firm also said there is a high probability that the attack was not limited to the Dailymotion website, because the infection was triggered by the advertising platform rather than by the website's content.
The attack has been under way since at least January 14, Trend Micro said. The situation became markedly worse from January 27, with a spike in hits to the affected site.
An update for Flash Player is expected to be released this week, and Adobe is actively working on the issue.
This is the third zero-day for Flash in January alone, and it is remarkably similar to the previous flaw, which affects any version of Internet Explorer or Mozilla Firefox on any version of Windows. Exploitation in the wild again came through the Angler exploit kit, which used the issue in a malvertising attack. In this case, Angler was dropping the Trojan downloader Bedep. This Trojan is then used to hijack PCs for ad fraud (the compromised PC becomes a zombie in a botnet, generating forged clicks on ads for pay-per-click revenue) and to download ransomware such as CryptoLocker.