Incident Response, Malware, Patch/Configuration Management, TDR, Vulnerability Management

Researchers observe recently patched Adobe bug added to exploit kits


A recently patched integer overflow vulnerability in Adobe Flash Player, CVE-2014-0569, has been added to the Fiesta Exploit Kit, as well as the Angler Exploit Kit, according to a researcher who goes by the name Kafeine.

“The first payload you get hit with is the infamous fileless malware also known as Bedep which enrolls you inside of a botnet,” Jerome Segura, senior security researcher at Malwarebytes, wrote in a Wednesday blog post, citing a tweet by Kafeine.

The initial payload is identified by Malwarebytes Anti-Malware as Trojan.FakeMS.ED, Segura wrote, imploring users to download the latest version of Flash Player.

“Perhaps this is not too much of a deal for individuals, but it can be more difficult for businesses which need to roll out patches on dozens of machines, hoping doing so will not cause malfunctions in existing applications,” he wrote.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.