
Angler EK Operators Compromised Over 50 GoDaddy Accounts

  • February 3, 2015
  • 4 replies
  • 329 views

Jasper_The_Rasper
Moderator
By Ionut Ilascu    3 Feb 2015
 
Some domains were abandoned after a single use
 
The group of cybercriminals behind the Angler browser-based attack managed to compromise registrant accounts from GoDaddy for hosting Flash Player exploits on legitimate websites.
 
In the past two weeks Adobe was forced to release two out-of-band security updates for Flash Player, removing two zero-day vulnerabilities (CVE-2015-0310 and CVE-2015-0311) that were being exploited in the wild.

 

About 1,800 legitimate domains used by Angler operators

 
This week, another security fix is expected, as cybercriminals discovered another zero-day (CVE-2015-0313) and created an exploit that is actively employed against users of Internet Explorer and Mozilla Firefox running on any version of Windows.

The first two exploits are delivered through Angler, while the third one is flung by Hanjuan exploit kit, according to independent researcher Kafeine.

Security researchers from Cisco monitored the activity of Angler and noticed that with CVE-2015-0311 the campaign started on January 26, the most active days being January 28 and 29.

Full Article

4 replies

Petrovic
Gold VIP
  • 1544 replies
  • March 5, 2015
GoDaddy accounts compromised to run a campaign based on Angler kit
 

Experts at Cisco discovered a new technique dubbed Domain Shadowing, consisting of the creation of thousands of subdomains used to spread the Angler exploit kit.

Cyber criminals have used hundreds of legitimate domain name accounts registered through GoDaddy to run a malicious campaign using the popular Angler exploit kit. Crooks hacked domain name accounts in order to infect visitors with malware; the hackers are using the accounts to create subdomains that direct unaware visitors to websites hosting the Angler exploit.
The Angler exploit is one of the most effective exploit kits available in the underground ecosystem. It is continuously integrated by the authors with new exploits, and recently it also included the exploits for Adobe zero-day vulnerabilities.
 
Full Article
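
Added example, not part of the thread or the quoted articles: a minimal detection heuristic for the Domain Shadowing pattern described above, flagging a legitimate registered domain when many previously unseen subdomains first appear in a short period. The log format, threshold, window and all sample hostnames are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def registered_domain(fqdn):
    # Assumption: the registered domain is the last two labels. A real
    # deployment needs a public-suffix list (e.g. for .co.uk names).
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def find_shadowing(log, baseline, window=timedelta(hours=24), threshold=5):
    """Return {registered domain: new subdomains} where at least `threshold`
    hostnames absent from `baseline` first appear within `window`."""
    first_seen = {}
    for ts, name in log:
        name = name.lower().rstrip(".")
        if name in baseline or name == registered_domain(name):
            continue
        if name not in first_seen or ts < first_seen[name]:
            first_seen[name] = ts
    by_domain = defaultdict(list)
    for name, ts in first_seen.items():
        by_domain[registered_domain(name)].append((ts, name))
    flagged = {}
    for domain, seen in by_domain.items():
        seen.sort()
        lo = 0
        for hi in range(len(seen)):  # sliding window over first-seen times
            while seen[hi][0] - seen[lo][0] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[domain] = sorted(n for _, n in seen)
                break
    return flagged

# Constructed sample data (reserved example domains, not real indicators).
T0 = datetime(2015, 1, 1, 9, 0)
BASELINE = {"www.example.com", "mail.example.com", "www.example.org"}
SAMPLE_LOG = (
    [(T0 + timedelta(minutes=i), "www.example.com") for i in range(3)]
    + [(T0 + timedelta(minutes=10 * i), f"x{i}q7.example.com") for i in range(6)]
    + [(T0, "www.example.org"), (T0 + timedelta(hours=1), "shop.example.org")]
)

if __name__ == "__main__":
    for domain, hosts in find_shadowing(SAMPLE_LOG, BASELINE).items():
        print(domain, len(hosts), "new subdomains:", ", ".join(hosts))
```

The baseline would come from the hostnames an organization has already observed for each domain, so a single new legitimate subdomain such as `shop.example.org` stays below the threshold.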

  • Popular Voice
  • 172 replies
  • March 5, 2015
does webroot block the angler malware?     :catvery-happy:

Jasper_The_Rasper
Moderator
@ wrote:
does webroot block the angler malware?     :catvery-happy:
  Are we safe @ do you know?

DanP
  • OpenText Employee
  • 515 replies
  • March 5, 2015
@ wrote:
does webroot block the angler malware?     :catvery-happy:
These are web-based exploits. Angler is an exploit kit that was used to exploit some earlier vulnerabilities in Adobe Flash Player, which Adobe patched in the past two weeks. The exploit mentioned in the article was being delivered by the Hanjuan exploit kit, and Adobe has already issued a patch for that exploit. If you have Adobe set to automatic updates you should have already received the patch, otherwise you should update Adobe Flash Player here.
 
Here is the security bulletin regarding the latest exploit: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
 
-Dan
