You are viewing our Forum Archives. To view or take place in current topics click here.
Netflix Users Targeted by Microsoft Silverlight Exploits
Posted:
Netflix Users Targeted by Microsoft Silverlight ExploitsPosted:
Status: Offline
Joined: Jul 19, 201112Year Member
Posts: 530
Reputation Power: 29
Status: Offline
Joined: Jul 19, 201112Year Member
Posts: 530
Reputation Power: 29
Netflix, the worlds largest Internet Video Subscription service with more than 35.7 million customers in U.S alone, that runs on the Microsoft Silverlight platform, has now become a popular target for cybercriminals, as public awareness of Java and Flash flaws is increasing.
Silverlight is a Microsofts plug-in for streaming media on browsers, similar to Adobe Flash Player, that handles multimedia contents on Microsoft Windows and Mac OS X Web Browsers, and is popularly known for being used in Netflixs streaming video service.
But, Netflix isn't the only service that works on Silverlight, many other multimedia services supports Silverlight.
Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victims computers with malware, especially through malicious ads.
A recent Angler Exploit Campaign has been spotted by the Cisco researcher spiked since April 23, targeting Microsofts Silverlight by imposing the exploits on the infected systems. The Exploit Kit in this campaign also hosts exploits for Flash and Java, but it doesn't trigger them, which at a time was one of the widely targeted platform by the exploit kits developers.
"Exploit kit owners are adding Silverlight to their update releases, and since 23 April we have observed substantial traffic - often from malvertising - being driven to Angler instances partially using Silverlight exploits," said Gundert, the lead threat researcher at Cisco.
The cyber criminals are infiltrating the Advertising Networks with malvertising to redirect victims to the hundreds of malicious websites hosting the Angler Exploit Kit, where the actual attack comes into play by silently launching Silverlight exploits against the infected system.
[ Register or Signin to view external links. ]
Exchange-flow.png[/img]
Till now, The Exploit Kit (EK) developers were targeting the vulnerabilities in Adobe Flash and Oracle Java, but as the public awareness and pathing efforts of both the two firms has increased, the malware developers have switched to the Microsofts Silverlight.
Java and Flash have been heavily exploited over the years, and vendors are getting good at writing engines that detect vulnerabilities in those libraries, said the Cisco researcher Craig Williams. Silverlight has not been exploited much. There are some limited CVEs, but few are widespread. What we may be seeing here is a tipping point where Java exploits are being detected and what other formats can hackers take advantage of.
[ Register or Signin to view external links. ]
Levi Gundert , Technical lead at Cisco Threat Research observed that the Angler campaign exploits two known Silverlight vulnerabilities i.e.
CVE-2013-0074 - which gives attackers the ability to remotely execute malicious code
CVE-2013-3896 - it allows to bypass Data Execution Prevention (DEP), a security mitigation added to most Microsoft applications.
Article here: [ Register or Signin to view external links. ]
Silverlight is a Microsofts plug-in for streaming media on browsers, similar to Adobe Flash Player, that handles multimedia contents on Microsoft Windows and Mac OS X Web Browsers, and is popularly known for being used in Netflixs streaming video service.
But, Netflix isn't the only service that works on Silverlight, many other multimedia services supports Silverlight.
Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victims computers with malware, especially through malicious ads.
A recent Angler Exploit Campaign has been spotted by the Cisco researcher spiked since April 23, targeting Microsofts Silverlight by imposing the exploits on the infected systems. The Exploit Kit in this campaign also hosts exploits for Flash and Java, but it doesn't trigger them, which at a time was one of the widely targeted platform by the exploit kits developers.
"Exploit kit owners are adding Silverlight to their update releases, and since 23 April we have observed substantial traffic - often from malvertising - being driven to Angler instances partially using Silverlight exploits," said Gundert, the lead threat researcher at Cisco.
The cyber criminals are infiltrating the Advertising Networks with malvertising to redirect victims to the hundreds of malicious websites hosting the Angler Exploit Kit, where the actual attack comes into play by silently launching Silverlight exploits against the infected system.
[ Register or Signin to view external links. ]
Exchange-flow.png[/img]
Till now, The Exploit Kit (EK) developers were targeting the vulnerabilities in Adobe Flash and Oracle Java, but as the public awareness and pathing efforts of both the two firms has increased, the malware developers have switched to the Microsofts Silverlight.
Java and Flash have been heavily exploited over the years, and vendors are getting good at writing engines that detect vulnerabilities in those libraries, said the Cisco researcher Craig Williams. Silverlight has not been exploited much. There are some limited CVEs, but few are widespread. What we may be seeing here is a tipping point where Java exploits are being detected and what other formats can hackers take advantage of.
[ Register or Signin to view external links. ]
Levi Gundert , Technical lead at Cisco Threat Research observed that the Angler campaign exploits two known Silverlight vulnerabilities i.e.
CVE-2013-0074 - which gives attackers the ability to remotely execute malicious code
CVE-2013-3896 - it allows to bypass Data Execution Prevention (DEP), a security mitigation added to most Microsoft applications.
Article here: [ Register or Signin to view external links. ]
You are viewing our Forum Archives. To view or take place in current topics click here.