IE Exploit Incorporated into Notorious AEK, States FireEye

According to FireEye, attackers responsible for AEK (Angler Exploit Kit) recently incorporated one exploit of tweaked edition that abuses one patched flaw in Microsoft's IE known as the UAF (use-after-free) security flaw.

It maybe noted that exploit kits comprise packages of malware with which chiefly automated 'drive-by' assaults are executed for disseminating any malware while these get sold on underground marketplaces and are extensively variable. Today, hosted exploit toolkits on rent are also commonplace that therefore makes the market competitive having plentiful players along with numerous separate developers.

Microsoft patched the security flaw (MS14-056) during past October's Patch Tuesday cycle of fixes; however, attackers continue to manage including the flaw into their attack toolkit. Just like the exploits revealed during Oct 2014, the latest addition to AEK being utilized has been recreated for eluding MEMPROTECT the mitigation technology of IE.

Staff Research Scientist Dan Caselden with FireEye after posting regarding the security flaw getting incorporated into Angler asserted it was interesting whatever featured the attack's perspective since it mainly dealt with Internet Explorer deployments which relied on MEMPROTECT -started July 2014- nevertheless additionally claimed that the flaw further firmed the notion about assaulters continuing to be enthusiastic about hijacking IE, particularly when end-users ran almost 5-month-old editions of the browser.

Lately, investigators from Websense another security company described Angler as perhaps an extremely refined attack toolkit that cyber-crooks used these days, making use of several methodologies towards defeating detection like the capability for spotting virtualization and anti-virus programs, and encrypted payloads.

Abel Toro Security Researcher at Websense said the toolkit was leader in creating techniques which other attack toolkits began utilizing later like encrypted dropper documents and anti-virus detection. Securityweek.com reported this, March 2, 2015.

Moreover, according to Toro, Angler was the fastest for incorporating the most recent 0-day vulnerabilities -the CVE-2015-0311 Adobe Flash 0-day- as also it leveraged one distinct obfuscation technique. Lastly, the dropped malicious program that Angler ran was from its memory and not to be written into the machine's hard drive - that distinct technique thus made conventional AV mechanisms enormously hard for detecting the toolkit since they worked with file-system scanning.

» SPAMfighter News - 3/9/2015