New Adobe Flash Zero-Day found in the Wild

Thursday, January 22, 2015



Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit.

Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin.

We immediately got our hands on this new Zero-Day (thanks Kafeine) and were able to replay it as well with the goal of testing our Anti-Exploit product:


With the latest version of Internet Explorer and latest version of Flash, the exploit was successfully blocked byMalwarebytes Anti-Exploit.

On unprotected machines, the Angler Exploit Kit will install Bedep, a distribution botnet that can load multiple payloads on the infected host.

As this is a breaking story, we are still analyzing the exploit and will update this post later accordingly.

Update: 01/21/15: Some details about the malware payload.

The payload in this particular instance was ad fraud. Upon infection, explorer.exe (not to be confused with iexplore.exe) is injected and performs the ad fraud calls.

The following Fiddler capture shows how a zombie PC is gaming the ad networks with bogus requests without the victim’s knowledge:


Unfortunately it is very hard to tell apart real users from fake ones and advertisers essentially end up paying for “impressions” or “clicks” where a human being was never involved.

This was cross-posted from the Malwarebytes blog. 

General Impersonation Phishing Phreaking
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.