Researchers are warning that the Nuclear exploit kit has evolved, a change
evident in the rising number of software products targeted by the crimeware kit,
which now takes aim at vulnerable versions of Microsoft Silverlight to spread malware.
On Tuesday, Trend Micro revealed on its blog that the number of exploits used by
the kit has doubled since the beginning of the year – from three exploits
(targeting Adobe PDF, Internet Explorer, and Java software) to six, now
including Adobe Flash, Microsoft XMLDOM and Silverlight exploits.
Blog author and Trend Micro threats analyst Brooks Li detailed why criminals added a
Silverlight exploit (CVE-2013-0074) in particular to the kit, saying that the
addition gave saboteurs “an expanded attack surface” and the means to avoid
detection “as not many security solutions have detections for this particular
exploit.”
More exploits, including Silverlight attack, packed in Nuclear kit
Li found that the Nuclear exploit kit will first check to see if a victim is
running the web browser plug-in Silverlight.
“If the check passes, it will then attempt to use the Silverlight exploit to drop
malware into the system,” Li wrote.
The exploit takes advantage of a Silverlight bug that has a patch, but since fewer
security solutions would detect the threat (compared to exploits for ubiquitous
software, like Adobe Flash or Java plug-ins for instance), users running vulnerable
versions of Silverlight could be a prime target for cybercriminals.
In a Tuesday interview, Christopher Budd, global threat communications manager at
Trend Micro, told SCMagazine.com that the “scatter shot approach” taken up by
cybercriminals using exploit kits is what makes crimeware kits “hard to
protect [users] against.”
“If an exploit kit targets 100 vulnerabilities, and your security software
protects against 99 of [the exploits], it doesn't matter that you are running
that [security] software – that software has failed you,” he later added.
The Nuclear exploit kit has been used in a number of campaigns targeting users,
including an incident last November where the popular humor site Cracked.com
was compromised to host the crimeware kit. In July, Symantec also
warned of a Facebook scam, where users clicking work-from-home-related links were eventually led to Nuclear.