Adobe Flash Zero Day in Exploit Kit

Friday, January 23, 2015 @ 04:01 PM gHale


An exploit for an unconfirmed Adobe Flash Player Zero Day added in to the Angler exploit kit and is, along with exploits for several other Flash flaws, opening users’ Windows machines to the Bedep Trojan.

The discovery came from malware researcher Kafeine, who said not all instances of the exploit kit are equipped with the Zero Day.

RELATED STORIES
Zero Day Abused in Sony Hack: Report
Sony: Risk Management in Real Time
Talk to Me: Elevating Security Awareness
Defending ICS Against Dragonfly Attacks

Adobe Flash Player see such wide usage that this particular malware delivery campaign could be very successful.

Windows 8.1 and Google Chrome users are safe from this exploit due to the operating system’s and browser’s sandbox, Kafeine said in a blog post. Malwarebytes Anti Exploit also blocks the exploit.

Windows XP, 7, 8 and Internet Explorer 6, 7, 8, and 10 users might want to consider disabling their Flash Player for a couple of days. The flaw affects Flash versions 16.0.0.235 and 16.0.0.257 (the latest).

The Bedep Trojan makes the victims’ computer perform ad fraud calls.

Trend Micro researchers said malvertisements are delivering these exploits to end users.



Leave a Reply

You must be logged in to post a comment.