Developers behind the Angler Exploit Kit have apparently added a new exploit over the last week that leverages a known vulnerability in Microsoft’s Silverlight browser framework.
Silverlight, similar to Adobe Flash, is Microsoft’s plug-in for streaming media in browsers and is perhaps best known for being used in Netflix’s streaming video service.
British-based security researcher Chris Wakelin discovered the Silverlight exploit last week and posted about it on Twitter via his @EKWatcher handle. From there, an independent security researcher who goes by the name Kafeine picked it up, investigated Angler EK and described his findings on his blog, Malware Don’t Need Coffee.
According to Kafeine, the exploit kit usually checks to see if the system it’s deployed on has Java or Flash but can now check to see if it has Silverlight installed. If it can’t exploit Java or Flash, it delivers a remote code execution exploit (CVE-2013-0074) that targets Silverlight 5. The vulnerability was patched in March, but users running Silverlight who haven’t yet patched the critical vulnerability are still at risk and would be best served to update their software.
Angler EK surfaced last month following the arrest of the Blackhole Exploit Kit’s creator Paunch in Russia. According to Kafeine, the same team behind the more souped-up Cool Exploit Kit, who also had ties to Blackhole, helped develop Angler and are also behind the popular Reveton ransomware.
Netflix has 40 million global subscribers who could potentially be vulnerable to the exploit, since the service principally uses Silverlight for streaming media. The video streaming company has been making strides to ditch Silverlight for HTML5 over the past few months, and while it introduced HTML5 support in Windows 8.1 and Internet Explorer 11 over the summer, the technology hasn’t been completely fleshed out yet on most browsers.