We often warn our readers about the various threats in cyberspace. Your computer can be compromised simply by visiting a legitimate, popular website that you use on a regular basis. Malicious actors often attack such pages as part of bigger attack scenarios, and hours can pass before the attack is discovered and users are informed.
This is what has happened to The Independent. More precisely, the website’s WordPress-based blog section has been compromised, as reported by Trend Micro. Other WordPress sites may also currently be targeted by bad actors.
Angler Exploit Kit, Cryptesla 2.2.0 Ransomware Spread in the Attack
The security company has reported that the attack started on the 21st of November. The compromised web page has been delivering the infamous Angler exploit kit and Cryptesla 2.2.0, also known as TeslaCrypt. The vulnerability exploited in the attack was identified as CVE-2015-7645.
This is the official description of the particular security flaw, published by CVE Mitre:
"Adobe Flash Player 18.x through 18.104.22.168 and 19.x through 22.214.171.124 on Windows and OS X and 11.x through 126.96.36.1995 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015."
According to researchers, CVE-2015-7645 has been officially added to Angler EK’s repertoire. Most likely, the vulnerability is being used in other malicious attacks as well.
The Attack Explained
The attack was most likely initiated by clicking on a malicious advertisement. We have seen multiple malvertising campaigns throughout 2015, many of them spreading ransomware. Users should be extra cautious and think carefully about their systems’ security, as we are currently in the eye of a ransomware storm. Moreover, 2016 malware predictions indicate that ransomware will not be put to rest any time soon.
The Independent has released a statement saying that their WordPress-based blog section is rarely visited, accounting for less than 0.2 per cent of the total online audience. The Independent also claims that there is no evidence that visitors were affected by the malicious campaign. Nonetheless, the media outlet is currently analyzing their third-party ad suppliers.
According to Trend Micro’s report, 4,000 redirects to Angler EK happen every day across its whole network.
Angler Exploit Kit Hits Again
As we have already written, Angler first appeared on the malware horizon at the end of 2013. Since its first appearance, Angler has grown in size and span. It is considered one of the most aggressive exploit kits, one that successfully evades detection and has various components. For example, researchers at Sophos reported a large number of Angler-infected landing pages in the spring of 2015.