Angler named ‘most advanced’ exploit kit on market

The Angler exploit kit has been named the "most advanced" malware of its kind, according to a report by the security vendor Websense.

Among its attributes the malware is claimed to have "unique" obfuscation abilities, can download encrypted malware to victims’ machines, and can also perform fileless infections – in a combination that makes it hard to combat.

Abel Toro, security researcher at Websense, said: "Angler EK is possibly the most sophisticated exploit kit currently used by cyberciminals."

"It has pioneered solutions that other exploit kits started using later, such as antivirus detection and encrypted dropper files."

Angler was said to avoid antivirus detection by downloading malware from its memory rather than writing it to the hard drive, exploiting the fact traditional antivirus can only scan the file system.

The virus has also been noted for its speedy exploitation of unpatched "zero-day" flaws such as those plaguing Adobe Flash of late, and is said to use "unique obfuscation" that can detect virtualisation tools and encrypt URL paths in a basic fashion.

"Angler Exploit Kit is no doubt one of the most dangerous exploit kits out there in the wild today," Toro said. "The constantly evolving nature of Angler also highlights the need for security solutions that provide protection across the entire kill chain instead of only focusing on just one stage of it."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing