Magnitude EK Spikes with Latest Flash Vulnerability: CVE-2016-1019

Adobe has released an emergency update for yet another Flash Player vulnerability: CVE-2016-1019, which affects Flash Player versions and earlier. Adobe’s security advisory was first published on April 5th and highlighted the mitigation measures included in Flash version, which prevents further exploitation of the vulnerability; the emergency update was released on April 7th.

As we know, exploit kit authors will eagerly take advantage of a vulnerability when a patch is not yet available. At the time of the initial advisory release, we noticed a spike in Magnitude Exploit Kit (EK) hits in our telemetry.

Magnitude EK 2016.04.07

Magnitude EK was updated to include the exploit for the CVE-2016-1019 flaw, but we already block that with an existing Flash exploit detection.


A month ago, we posted about a malvertising campaign pushing users to Magnitude EK. We have observed similar ad platforms being used in this latest campaign, as well as a notable addition of new redirectors/gates leading users to the landing page. We also include these redirectors/gates as part of our Magnitude EK detection.


We have also observed that some of the hits are coming from adult sites and free video streaming sites.


Magnitude EK is currently delivering the Cerber crypto-ransomware (SHA1: 1f6f5c03d89a80a725cdff5568fc7b98bd2481b8).

The countries most affected by this campaign are France, Belgium, Germany, Finland, and the Netherlands.

Our users are protected from the Cerber ransomware and Magnitude EK (including its redirectors and the latest Flash exploit it uses) by the following detections:

  • Exploit:JS/MagnitudeEK.G
  • Exploit:SWF/Salama.H
  • Trojan:W32/CryptoRansom.A!DeepGuard

We recommend users update to the latest version of Flash Player.
