Hacking Team Flash Zero-Day Integrated Into Exploit Kits

Feedback from the Trend Micro™ Smart Protection Network™ shows that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, according to Kafeine, the Neutrino Exploit Kit has also included this zero-day.

The existence of this particular vulnerability was just leaked from Hacking Team; Adobe has confirmed the vulnerability and released an advisory. The advisory confirms that the flaw has been assigned a CVE number, CVE-2015-5119, and that all versions of Flash Player in use today are potentially vulnerable.

All Flash Player users are at risk until they can download the patch. It is expected that a patch will be delivered by Adobe sometime on July 8. We noted earlier this month that Flash Player was being targeted more frequently by exploit kits, and that pattern shows no sign of changing soon.

Figure 1. Angler exploit kit HTTP GET header

Figure 2. Nuclear exploit kit HTTP GET header

We have identified CryptoWall 3.0 as one of the payloads being spread in this manner, particularly by the Angler exploit kit.

Figure 3. CryptoWall ransom page

Trend Micro is already able to protect users against this threat. The existing Sandbox with Script Analyzer engine, which is part of Trend Micro™ Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates. The Browser Exploit Prevention feature in our endpoint products such as Trend Micro™ Security, OfficeScan, and Worry-Free Business Security blocks the exploit once the user accesses the URL where it is hosted. Browser Exploit Prevention protects against exploits that target browsers or related plugins.

The SHA1 hashes of the malicious Adobe Flash exploits are:

  • 03bc4a75626ca7e3c1b43b1c73d4f569c4805fcf
  • 9e3223bc016c94b5b576e3489f8d9b6d979b8965

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Story added 8 July 2015.