Application security, Malware, Patch/Configuration Management, Vulnerability Management

Adobe Flash remains threat as users fail to update, researchers

Although an Adobe update to its Flash program fixed a zero-day vulnerability, attackers are still taking advantage of it as many users have failed to install the patch.

And the threat is serious, as ransomware, banking malware and a trojan capable of hijacking online banking logins and passwords are spreading, according to KimKomando.

Three exploit kits – Neutrino, Magnitude and Angler – have been detected using security vulnerabilities to infect systems with ransomware, i.e., CryptXXX and DMA Locker, or a trojan dubbed Gootkit that can siphon out online banking credentials.

Perhaps most troubling is Angler, which is being employed – usually through MS Office documents attached in emails – to spread the Dridex banking trojan, which has already drained $30 million from bank accounts.

Users are advised to uninstall Flash and update to the most current version. As well, internet security software is recommended to warn against phishing scams.

Meanwhile, a two-year-old EITest campaign that has mainly used the Angler Exploit Kit to distribute a number of malware payloads has been detected using the Neutrino EK on occasion, reports SANS. The infection is spread via Adobe Flash Player.

Following best Windows security practices will prevent infection, SANS stated, but malware remains a significant threat as a lot of people fail to update applications, install the latest OS patches, and adhere to software restriction policies.

“Attackers have always gravitated toward low hanging fruit," Amol Sarwate, director of engineering at Qualys, told in an emailed statement. "Finding a zero day –  i.e., previously unknown – vulnerability, is time consuming and involved. Instead attackers are focusing their efforts on finding ways to exploit a vulnerability after a patch is released."

Sarwate explained that this is typically done by using binary diffing/reverse engineering tools which allow inspection of changes made by the patch and can give clues on how an un-patched target could be exploited. "Attackers get a high return if they can do this expeditiously as they depend on slower patch deployment," he said. "For high value targets like Adobe Flash we have seen quick exploit being developed and we expect this time to shorten further."

He agreed that the best way to defend against such attacks is to patch as soon as possible.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.