Hackers are using an exploit kit other than Angler to target the third Adobe Flash zero-day since the start of the year, according to several security researchers.
Analysts found the attack patterns more closely fitted the HanJuan exploit kit than Angler, with the flaw said to be in use by hackers to place malicious adverts onto sites such as video platform Dailymotion, New York Daily News and news site The Blaze.
Brooks Li, a threat analyst at Trend Micro, wrote on the firm’s blog: "The [HanJuan] exploit kit is very much directed towards capturing US traffic from a specific domain, via a specific ad platform.
"While it would be difficult to identify the exact exploit kit used in this specific run, based on clues from the domain/IP, the upper level HTML and the history of the exploit kit, I think it is reasonable [to conclude HanJuan is responsible]."
The link to HanJuan was originally discovered by Kafeine, an independent security analyst who has been involved in studying all three of the recent unpatched Adobe Flash bugs.
Since discovery of the bug, Adobe has acknowledged its existence and promised to issue a patch shortly, but researchers say that users can defend themselves through several measures.
"Since this is an active (and unpatched) threat, we advise extreme caution," a report from Malwarebytes said. "Disabling Flash mitigates the risk but also degrades the browsing experience dramatically."
Li added that her company had tested the exploit against Google Chrome’s sandbox, finding that the security tool neutralised the threat.
