Nuclear Exploit Kit Using New Intelligent Flash Bypass, Finds Morphisec

Israeli security company Morphisec, whose core attention is towards polymorphic defense for which it received praise at the 2014 RSA Conference has found one cunning Flash bypass that the 'Nuclear' attack toolkit is using, published csoonline.com during the 1st-wek of October 2015.

Both exploit kits Nuclear and Angler have been abusing CVE-2015-5560 vulnerability for which a patch was released during August 2015 following Adobe's issuance of new Flash edition no. 18.0.0.232.

In reality however, whilst Adobe is generally regarded as an urgent application, organizations don't frequently adopt its updates immediately which's still worse if there isn't any patch management system within such organizations. Therefore, plentiful systems continue to exist which are using Flash versions 18.0.0.209 else earlier.

According to Morphisec, when its researchers tried reproducing the attack code within the company, the bypass became noticeable as the company's product proved successful in accurately identifying the code.

Malevolent Flash files that the attack toolkit websites deliver alter their content whenever a delivery is made; however, the size is kept the same. Flash files as mentioned that are created for abusing one Flash Player security flaw (already patched) with the purpose for thrusting malware onto users' PCs normally are identical; however, their variable and function names are altered in every instance.

Vice-President of Research and Development Michael Gorelik at Morphisec said that based on the above, his company concluded that Nuclear EK produced fresh attack codes which circumvented hash-based else signature solutions successfully. Securityweek.com reported this, October 16, 2015.

Security investigators further discovered that host of the attack code located the IP addresses of the victims for making sure no user is delivered the identical code two times from identical host. With that, the attack would bypass man-in-the middle safeguards as well as not allow investigators to relay the assault while reversing the code back-to-front.

In another modification, one Nuclear Exploit Kit for a Flash Player attack code was created for evading certain defenses that Adobe implemented earlier in October 2015. However, researchers could unravel that encryption. As with the latest sample, attackers have so improved the encryption that researchers have been unable to extract the attack code.

» SPAMfighter News - 10/26/2015