Cisco Blogs


Cisco Blog > Security

Angling for Silverlight Exploits

VRT / TRACThis post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering. 

Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from Malvertising) being driven to Angler instances partially using Silverlight exploits. In fact in this particular Angler campaign, the attack is more specifically targeted at Flash and Silverlight vulnerabilities and though Java is available and an included reference in the original attack landing pages, it’s never triggered.

Rise in Angler Attacks

HTTP requests for a specific Angler Exploit Kit campaign

Exploit Content Type

Angler exploit content types delivered to victims, application/x-gzip (Java) is notably absent

 

Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Crumbling to the Cookiebomb

Recently we have seen a spate of government websites hosting malicious Cookiebomb JavaScript. We have observed URLs with the top level domains such as ‘.gov.uk’, ‘.gov.tr’, ‘.gov.pl’ and the website of a middle eastern embassy in the US become compromised and expose visitors to malware infection. For malicious actors, highly reputable websites are a valuable target to compromise. Politically motivated attackers, such as the Syrian Electronic Army, can use these websites to highlight their cause, to cause embarrassment to an adversary, or to spread malware, possibly as part of a watering hole attack. Profit motivated distributors of malware can use these websites to infect the steady stream of visitors who trust the website and who are unlikely to suspect that it has been compromised.
Read More »

Tags: , , , ,