If you’re running Internet Explorer 6 through 11 or Firefox on Windows XP through to Windows 8.1, and have the latest Adobe Flash 126.96.36.1997 installed, you’re at risk of getting infected by malware right now.
This applies even if your operating system and Flash are up to date with all the latest updates and patches, because this is how zero-day vulnerabilities work: Adobe didn’t know there was a flaw, and cybercriminals are actively exploiting it.
Trend Micro says that this new malware is affecting the latest versions of Adobe Flash Player, and that Adobe has yet to release a patch to fix the problem. Attacked systems are being hit with malware that commits ad fraud against ad networks, but Kafeine says the attack can also be used to install cryptolocker-style ransomware.
The exploit is now part of the ‘Angler Exploit Kit’, which cybercriminals are using to infect computers mostly in the US, with infections also coming from Taiwan, Australia, the UK and elsewhere.
The ad fraud the current exploit is perpetrating sees programs installed which ‘automatically click on certain ads on a certain website, artificially inflating the amount of clicks that ad gets. Since ad networks pay the owner of the website hosting their ads based on the amount of clicks each ad gets, ad fraud games the system by tricking the hapless ad network to pay more.’
This doesn’t necessarily affect users, but as Trend Micro points out, once malware has been installed onto your system, it can be programmed to install other malware in the future. Ransomware or other malware nasties can then damage your files, steal your data or worse.
So, how do you get infected? Simply by going to any site on the Internet that has an infected Adobe Flash banner ad.
Trend’s blog states: “What makes this situation more serious is that the attacks we’ve seen are using banner ads (called “malvertisements”) to spread malware. This means that you can go to trusted sites you expect to be safe and still get malware on your system.”
“These attacks work by attackers targeting and compromising the third-party ad servers that offer the ads you see on legitimate and popular sites. This is a particularly nasty form of attack, one that puts average users at great risk.”
Trend Micro has more detail on this malware in its blog post.
Trend recommends turning off Flash Player or, if you’re not able to disable it, installing ad-blocking software.
Kafeine notes that MalwareBytes’ free anti-exploit software also blocks this attack.
While IE and Firefox are affected, Google’s Chrome browser, which has Flash built-in, isn’t being affected by this threat, or at least, isn’t being affected at the moment.
There’s also no indication that Macs running Flash or Android devices still running Flash are affected, but it’s still worth running security software and applying Adobe Flash patches when they become available. As Flash isn’t supported on Android anymore, there presumably won’t be any updates for Android devices still capable of running Flash.
Naturally, Trend Micro also promotes its own security software, stating that any of its customers running Trend Micro Security, Worry-Free Business Security, OfficeScan, Deep Discovery, Deep Security and the Smart Protection Suites are protected against current attacks using this vulnerability.
Other anti-virus companies are presumably acting to provide protection against this exploit, but none beyond Trend Micro have contacted iTWire to alert us of this. If you’re not running a current and updated version of Trend Micro, you might want, at the very least, to get the free MalwareBytes anti-exploit software (linked above) onto your system.