Batu69 Posted June 29, 2015 Share Posted June 29, 2015 CVE-2015-3113: Patch or pay. Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine".The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.Web villains designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks.Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware."CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says. Magnitude said to generate as of August up to $US100,000 a month for its author maintains about a third of the exploit kit market according to Trustwave [PDF]. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.Criminal customers pay up to 20 percent of profits depending on the level of snared traffic in order to use the exploit kit which made its name after fleecing visitors to PHP.net.The addition of CVE-2015-03113 comes about a week after the Magnitude author added a previous Adobe Flash vulnerability (CVE-2015-03105) to the kit which also dropped the dangerous Cryptowall ransomware.Source Link to comment Share on other sites More sharing options...
212eta Posted June 29, 2015 Share Posted June 29, 2015 Goddamn Flash... :( Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.