Ransomware-slinging exploit kit targets Flash remote code execution
CVE-2015-3113: Patch or pay.
Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine".
The remote code execution vulnerability (CVE-2015-3113), revealed last week, allows attackers to hijack unpatched machines, with attacks targeting Internet Explorer on Windows 7 and XP.
Web villains designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks.
Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.
Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware.
"CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says.
Magnitude, said to generate as of August up to $US100,000 a month for its author, maintains about a third of the exploit kit market, according to Trustwave [PDF]. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.
The addition of CVE-2015-3113 comes about a week after the Magnitude author added a previous Adobe Flash vulnerability (CVE-2015-3105) to the kit, which also dropped the dangerous Cryptowall ransomware.