Home > Cyber News > Attack Involves Silverlight Exploit CVE-2016-0034, Angler EK, and TeslaCrypt

Attack Involves Silverlight Exploit CVE-2016-0034, Angler EK, and TeslaCrypt

shutterstock-malwareMicrosoft Silverlight vulnerabilities have already begun transforming into the next big issue in cyber security. Even though they haven’t been used in many attacks, Silverlight flaws have the potential to be quite damaging.

Having said that, attacks based on a MS Silverlight flaw, CVE-2016-0034, have been just discovered in the infamous Angler exploit kit.

CVE-2016-0034 Official Description (from cve.mitre.org):

Q Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka “Silverlight Runtime Remote Code Execution Vulnerability.”

More Details about CVE-2016-0034

Interestingly enough, the vulnerability affects both Windows and Mac, enabling attackers to hijack these systems, if a user is logged in as an admin. The vulnerability was first detected by the research team at Kaspersky Lab. The security vendor has already raised a red flag about Silverlight.

More on the Subject in Our Silverlight Article from January

The Angler EK, on the other hand, has been widely used in attack scenarios, especially after Blackhole diminished from the malware scene. Angler has been mentioned in multiple infection cases, particularly ones involving the distribution of ransomware. Angler has been ‘registered’ on countless landing pages, waiting for potential victims to click on malicious links (typically spread in spam emails), and download its package.

Check Out Our Article about Exploit Kits

Essentially, what Angler does to perform a successful attack is apply anti-sandbox checks and locate browser vulnerabilities. And here we get to the part involving MS Silverlight. Just few days ago, Kafeine noticed that the Angler EK now has some code associated with Silverlight.

To no one’s surprise, the malware brought by the Silverlight exploit is already infamous TeslaCrypt ransomware.

Learn More about TeslaCrypt Ransomware

Even though security experts observe an increase in attacks involving Silverlight flaws, the market share of the development tool is still quite small. Nonetheless, it is intriguing why the malicious coders decided to implement CVE-2016-0034 in their code.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share