Adobe Flash remains threat as users fail to update, researchers

Flash is still being used as a route for attackers exploiting holes that users fail to patch.

Although an Adobe update to its Flash program fixed a zero-day vulnerability, attackers are still taking advantage of it as many users have failed to install the patch.

And the threat is serious, as ransomware, banking malware and a trojan capable of hijacking online banking logins and passwords are spreading, according to KimKomando.

Three exploit kits – Neutrino, Magnitude and Angler – have been detected using security vulnerabilities to infect systems with ransomware, i.e., CryptXXX and DMA Locker, or a trojan dubbed Gootkit that can siphon out online banking credentials.

Perhaps most troubling is Angler, which is being employed – usually through MS Office documents attached in emails – to spread the Dridex banking trojan, which has already drained $30 million from bank accounts.

Users are advised to uninstall Flash and update to the most current version. As well, internet security software is recommended to warn against phishing scams.

Meanwhile, a two-year-old EITest campaign that has mainly used the Angler Exploit Kit to distribute a number of malware payloads has been detected using the Neutrino EK on occasion, reports SANS. The infection is spread via Adobe Flash Player.

Following best Windows security practices will prevent infection, SANS stated, but malware remains a significant threat as a lot of people fail to update applications, install the latest OS patches, and adhere to software restriction policies.

"Attackers have always gravitated toward low hanging fruit," Amol Sarwate, director of engineering at Qualys, told SCMagazine.com in an emailed statement. "Finding a zero day – i.e., previously unknown – vulnerability, is time consuming and involved. Instead attackers are focusing their efforts on finding ways to exploit a vulnerability after a patch is released."

Sarwate explained that this is typically done with binary diffing and reverse engineering tools, which allow inspection of the changes made by the patch and can give clues on how an unpatched target could be exploited. "Attackers get a high return if they can do this expeditiously as they depend on slower patch deployment," he said. "For high value targets like Adobe Flash we have seen quick exploits being developed and we expect this time to shorten further."

He agreed that the best way to defend against such attacks is to patch as soon as possible.

