Security

Ransomware slinging exploit kit targets Flash remote code execution

CVE-2015-3113: Patch or pay.

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine".

The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.

Web villains designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks.

Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.

Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware.

"CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says.

CVE-2015-3113 added to Magnitude image

CVE-2015-3113 added to Magnitude.

Magnitude said to generate as of August up to $US100,000 a month for its author maintains about a third of the exploit kit market according to Trustwave [PDF]. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.

Criminal customers pay up to 20 percent of profits depending on the level of snared traffic in order to use the exploit kit which made its name after fleecing visitors to PHP.net.

The addition of CVE-2015-03113 comes about a week after the Magnitude author added a previous Adobe Flash vulnerability (CVE-2015-03105) to the kit which also dropped the dangerous Cryptowall ransomware. ®

Sponsored: Accelerated Computing and the Democratization of Supercomputing