Hundreds of GoDaddy Domains Exposed to Angler Exploit Kit Threat

Angler Exploit Kit has once again proved itself to be the most advanced exploit kit available today. As reported by Cisco, more than 10,000 malicious subdomains were found on GoDaddy accounts. The reason for the extremely high number of affected GoDaddy accounts? The registrar authorizes at least a third of the domains on the web.

Angler Exploit Kit is a serious hacking tool that poses a significant security threat. As Enigma Software malware researchers have previously stated, Angler Exploit Kit is built to search for Java and Flash Player vulnerabilities. If the latter is not available, the kit delivers a remote control exploit (CVE-2013-0074) that is known to affect the Microsoft Silverlight 5 plug-in. The tool then uses these vulnerabilities to distribute malware infections. Angler is also known to affect various browsers (Chrome, Firefox, Internet Explorer).

When Does the Angler Attack Start?

Once the user views a malicious ad, they are redirected to a compromised subdomain, which sends them to a page serving an Adobe Flash or Microsoft Silverlight exploit.
The latest victim of the exploit kit in question is GoDaddy, one of the largest domain registrars and web hosting companies worldwide. The attack itself uses a new technique called domain shadowing.

How Does Domain Shadowing Work?

Domain shadowing is the process of exploiting users’ domain credentials in order to create lists of subdomains. Once the subdomains are in place, there are two options: the user is either redirected to an attack site or served a malicious payload.

One may wonder how exactly an account becomes a victim of domain shadowing. The answer is very simple: through phishing. In addition, users usually own more than one domain, so the attackers have plenty to exploit. In most cases the account owners have no idea what is going on.

The domain shadowing campaign has proved very effective because it is very difficult to stop or detect. Blacklisting won’t help either: not only are the victims’ domains rotated, but so are their IP addresses. Furthermore, malware experts have discovered that most of the subdomains are only active for a few minutes and are reached just a couple of times.
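
A defender-side heuristic for the traits described above (subdomains that live for minutes, are reached a couple of times, and sit on rotating IPs), as an added example that is not from the original article or from Cisco's research. The log format, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS sample: timestamp, queried name, answer IP (documentation ranges).
SAMPLE_LOG = """\
2015-03-01T08:00:00 www.example.com 192.0.2.10
2015-03-01T14:30:00 www.example.com 192.0.2.10
2015-03-01T10:00:05 kq3v.example.com 198.51.100.7
2015-03-01T10:01:40 kq3v.example.com 198.51.100.7
2015-03-01T10:06:12 zt81.example.com 203.0.113.44
2015-03-01T10:11:30 p0xw.example.com 198.51.100.92
2015-03-01T09:00:00 mail.example.org 192.0.2.25
2015-03-01T16:00:00 mail.example.org 192.0.2.25
2015-03-01T12:00:00 promo.example.org 192.0.2.25
2015-03-01T11:00:00 www.example.net 192.0.2.80
"""

def registered_domain(name):
    # Assumption: naive "last two labels" split; use a public-suffix list in practice.
    return ".".join(name.split(".")[-2:])

def find_shadowed(log_text, max_lifetime=timedelta(minutes=10), max_hits=3, min_names=3):
    """Return {registered domain: [suspect subdomains]} for shadowing-like patterns."""
    seen = defaultdict(lambda: {"first": None, "last": None, "hits": 0, "ips": set()})
    for line in log_text.splitlines():
        ts, name, ip = line.split()
        t, rec = datetime.fromisoformat(ts), seen[name.lower()]
        rec["first"] = min(rec["first"] or t, t)
        rec["last"] = max(rec["last"] or t, t)
        rec["hits"] += 1
        rec["ips"].add(ip)

    def short_lived(r):
        return r["last"] - r["first"] <= max_lifetime and r["hits"] <= max_hits

    # IPs used by long-lived names are the owner's baseline hosting for that domain.
    baseline = defaultdict(set)
    for name, r in seen.items():
        if not short_lived(r):
            baseline[registered_domain(name)] |= r["ips"]

    suspects = defaultdict(list)
    for name, r in seen.items():
        dom = registered_domain(name)
        # Flag only names that are brief, rarely hit, and hosted off the baseline IPs.
        if short_lived(r) and not (r["ips"] & baseline[dom]):
            suspects[dom].append(name)
    return {d: sorted(n) for d, n in suspects.items() if len(n) >= min_names}
```

Requiring several such names under one registered domain keeps a single one-off lookup (like `www.example.net` in the sample) from being flagged, and the baseline check spares short-lived names that resolve to the owner's usual hosting.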

Although Angler has been around for quite some time, it has only been this active since December 2014, owing to the high efficiency of domain shadowing.

How to Remove Angler Exploit Kit Website 12 and 15

Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.

1. Remove/Uninstall Angler Exploit Kit
2. Restore the settings in your browser
3. Remove Angler Exploit Kit automatically with Spy Hunter Malware - Removal Tool.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyberspace.
