Silverlight Exploit in Exploit Kit

Thursday, February 25, 2016 @ 04:02 PM gHale

Users should make sure they have the updated version of Silverlight because an exploit for the newly patched software is now an ingredient in a major exploit kit.

The developers of the Angler exploit kit added code for the integration of a Silverlight exploit, said the French security researcher that goes under the moniker of “Kafeine.”

Ransomware Targets Android Users
Exploiting a Flaw in Ransomware
Ransomware Locks Files, Tosses Key
Ransomware Spreads Via Exploit Kit

The integration of the Silverlight exploit was ready to go and the vulnerability used by the attackers ended up patched by Microsoft in January, Kafeine said.

In one of the tests performed by Kafeine, the Silverlight exploit ended up used to deliver a variant of the TeslaCrypt ransomware. The researcher said the attack does not work if Silverlight 5.1.41212.0, the version released by Microsoft to patch the vulnerability, is on the system.

The Silverlight vulnerability ended up discovered in late November by researchers at Kaspersky Lab based on a YARA rule designed to detect an exploit a Russian hacker had offered to sell to Italian spyware maker Hacking Team in 2013.

The hundreds of gigabytes of Hacking Team data leaked by a hacker in July 2015 included emails exchanged by the company with people offering to sell exploits. In 2013, a Russian exploit developer named Vitaliy Toropov offered to sell Hacking Team a Silverlight exploit.

It remains murky if Hacking Team actually acquired the Silverlight exploit from Toropov, researchers at Kaspersky Lab created a YARA rule based on the Russian hacker’s publicly available code in an effort to track down the exploit he had attempted to sell to the Italian company.