Angler Exploit Kit – Operating at the Cutting Edge

From Botnets.fr
Revision as of 22:18, 7 February 2015 by Eric.freyssinet (page created)


Exploit kits: Angler
Date: 2015 / 2015-02-05
Editor/Conference: Websense
Link: http://community.websense.com/blogs/securitylabs/archive/2015/02/05/angler-exploit-kit-operating-at-the-cutting-edge.aspx
Author: Abel Toro
Type: Blogpost

Abstract

As we promised in one of our previous blog posts about exploit kits (Nuclear EK), we are going to take a more in-depth look at Angler Exploit Kit. Angler EK is possibly the most sophisticated exploit kit currently used by cybercriminals. It has pioneered solutions that other exploit kits started using later, such as antivirus detection and encrypted dropper files. In addition, Angler tends to be the quickest to integrate the latest zero days, such as the Adobe Flash zero day (CVE-2015-0311) from a few weeks ago, and it employs a notably unique obfuscation. Finally, Angler runs the dropped malware from memory, without ever having to write to the hard drive; this unique technique among exploit kits makes it extremely difficult for traditional antivirus technologies to detect it, as they rely on scanning the file system.
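The abstract's last point is the one that matters operationally: a payload that is unpacked and executed in memory never produces a file for a scanner to hash, so detection has to move from the file system to the process's memory map. The snippet below is an added illustration written for this wiki entry, not code from the Websense post or from the Botnets.fr project. It walks a constructed Linux-style memory map (the sample lines, paths and size threshold are all made up for the example) and flags executable regions that are not backed by an image on disk, which is where a memory-only dropper ends up. Angler itself targeted Windows browsers; there the same check walks VirtualQueryEx results and looks for executable regions of type MEM_PRIVATE rather than MEM_IMAGE.

```python
# Added example (not from the original post): flag executable memory that has no
# file backing, the trace a memory-only payload leaves that disk scanning cannot see.
from dataclasses import dataclass


@dataclass
class Region:
    start: int
    end: int
    perms: str   # e.g. "r-xp", "rwxp"
    path: str    # backing file, "" for anonymous memory, "[stack]" etc. for pseudo-maps


def parse_maps(text: str) -> list[Region]:
    """Parse /proc/<pid>/maps-style lines: 'start-end perms offset dev inode [path]'."""
    regions = []
    for line in text.strip().splitlines():
        parts = line.split(None, 5)
        addr, perms = parts[0], parts[1]
        path = parts[5].strip() if len(parts) == 6 else ""
        start, end = (int(x, 16) for x in addr.split("-"))
        regions.append(Region(start, end, perms, path))
    return regions


def suspicious_regions(regions: list[Region], min_size: int = 0x1000) -> list[Region]:
    """Executable + anonymous (or backed by a deleted file) + not a kernel pseudo-map.

    Legitimate JIT engines also produce such regions, so in practice this is a
    triage signal to pair with a dump of the region, not a verdict on its own.
    """
    hits = []
    for r in regions:
        executable = "x" in r.perms
        anonymous = r.path == "" or r.path.endswith("(deleted)")
        pseudo = r.path.startswith("[")
        if executable and anonymous and not pseudo and (r.end - r.start) >= min_size:
            hits.append(r)
    return hits


# Constructed sample map (hypothetical addresses, paths and inodes), mimicking a
# browser process after an exploit kit has staged code in an anonymous RWX region
# and mapped a second module from a file that was deleted right after mapping.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 08:01 1234 /usr/bin/browser
7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0
7f10a0200000-7f10a0400000 rw-p 00000000 00:00 0
7f10a1000000-7f10a1100000 r-xp 00000000 08:01 5678 /usr/lib/libflashplayer.so
7f10a2000000-7f10a2010000 r-xp 00000000 08:01 9999 /tmp/x.so (deleted)
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
7ffd00100000-7ffd00102000 r-xp 00000000 00:00 0 [vdso]
"""


def scan_sample() -> list[Region]:
    return suspicious_regions(parse_maps(SAMPLE_MAPS))


if __name__ == "__main__":
    for r in scan_sample():
        print(f"{r.start:012x}-{r.end:012x} {r.perms} {r.path or '<anonymous>'}")
```

Two regions come out of the sample: the anonymous RWX block and the executable mapping whose backing file was deleted. The regular executable, the Flash library and the `[vdso]` pseudo-map are left alone, which is the distinction a file-system-only scanner never gets to make.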

Bibtex

 @misc{2015BFR1414,
   editor = {Websense},
   author = {Abel Toro},
   title = {Angler Exploit Kit – Operating at the Cutting Edge},
   day = {05},
   month = feb,
   year = {2015},
   howpublished = {\url{http://community.websense.com/blogs/securitylabs/archive/2015/02/05/angler-exploit-kit-operating-at-the-cutting-edge.aspx}},
 }