Adobe Flash users hit by Angler Exploit Kit

An unpatched bug in Adobe Flash is being targeted by the Angler Exploit Kit, according to several security researchers.

Compromised machines are said to be roped into a malicious network via Bedep malware, which continues to drop further viruses on the machine as well as help distribute malware to other computers.

Jerome Segura, senior security researcher at Malwarebytes, wrote on his firm’s blog: "Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin."

He added that victimised machines were also being used for advertising fraud through the sending of false requests to ad networks.

"The criminal crew behind Angler Exploit Kit demonstrated have already exploited flaws in the past," Pierluigi Paganini, CISO at ID security firm Bit4ID, said in a report.

"In particular its members have always used exploits for freshly patched Flash vulnerabilities."

The bug was originally discovered by the independent security researcher Kafeine, who claimed that the flaw was not being exploited in all cases of Angler.

Users running some version of Internet Explorer on Windows XP, 7 and 8 were said by the researcher to be vulnerable to the flaw, though Windows 8.1 and Google Chrome are thought to be immune from the problem.

"Disabling Flash player for some days might be a good idea," he added.

Adobe has said it is aware of the exploit kit and is looking into the matter.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing