Angler Exploit Kit has once again proved itself to be the most advanced exploit kit available today. As reported by Cisco, more than 10 000 malicious sub-domains were found on GoDaddy accounts. The reason for the extremely high number of affected GoDaddy accounts? The registrar authorizes at least a third of the domains on the web.
Angler Exploit Kit is one of the more serious hacking tools and poses a significant security threat. As Enigma Software malware researchers have previously stated, Angler Exploit Kit is designed to search for Java and Flash Player vulnerabilities. If the latter is not available, the Angler kit serves a remote control exploit (CVE-2013-0074) that is known to affect the Microsoft Silverlight 5 plug-in. The tool then uses these vulnerabilities to distribute malware infections. Angler is also known to affect various browsers (Chrome, Firefox, Internet Explorer).
When Does the Angler Attack Start?
Once the user views a malicious ad, they are redirected to a compromised subdomain, which sends them to a page serving an Adobe Flash or Microsoft Silverlight exploit.
The latest victim of the exploit kit in question is GoDaddy – one of the largest domain registrars and web hosting companies worldwide. The attack itself uses a new technique called domain shadowing.
How Does Domain Shadowing Work?
Domain shadowing is the process of exploiting users’ domain credentials in order to create lists of subdomains. Once the subdomains are at hand, there are two options – the user either ends up redirected to an attack site or becomes a victim of a malicious payload.
One may wonder how exactly their account may become a victim of domain shadowing. The answer is very simple – through phishing. In addition, users usually own more than one domain, so the attackers have plenty to exploit. In most cases the account owners have no idea what is going on.
The domain shadowing campaign proves to be a very effective technique since it is very difficult to stop or detect. Blacklisting won’t help either – not only are the victims’ domains rotated, but so are their IP addresses. Furthermore, malware experts have discovered that most of the subdomains are active for only a few minutes and are reached just a couple of times.
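The traits described above (many subdomains under one registered domain, each alive for minutes and resolved only a few times) can be turned into a detection heuristic over passive DNS data. The following Python code is an added example, not part of the original article or of Cisco's report; the record layout, thresholds, sample data and the assumption that shadowed subdomains resolve outside the owner's usual IP addresses are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def registered_domain(fqdn):
    # Simplification: take the last two labels. Real deployments should
    # use the Public Suffix List so that e.g. "co.uk" is handled correctly.
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def find_shadowed(records, known_ips, max_life=timedelta(minutes=30),
                  max_queries=5, min_hosts=3):
    """Return {registered_domain: sorted list of suspicious subdomains}."""
    suspects = defaultdict(set)
    for first_seen, last_seen, fqdn, ip, queries in records:
        host = fqdn.lower().rstrip(".")
        parent = registered_domain(host)
        if host in (parent, "www." + parent):
            continue  # the apex and www are not candidates
        short_lived = (last_seen - first_seen) <= max_life
        rarely_hit = queries <= max_queries
        # Assumption: shadow hosts point away from the owner's usual addresses.
        foreign_ip = ip not in known_ips.get(parent, set())
        if short_lived and rarely_hit and foreign_ip:
            suspects[parent].add(host)
    # One odd subdomain is noise; a burst of them under one account is the signal.
    return {d: sorted(h) for d, h in suspects.items() if len(h) >= min_hosts}

def _t(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")

# Constructed passive-DNS records:
# (first_seen, last_seen, fqdn, resolved_ip, query_count)
SAMPLE_RECORDS = [
    (_t("2015-03-01 10:00"), _t("2015-03-05 10:00"), "mail.example.com", "192.0.2.10", 480),
    (_t("2015-03-02 14:01"), _t("2015-03-02 14:06"), "qx7a.example.com", "203.0.113.5", 2),
    (_t("2015-03-02 14:09"), _t("2015-03-02 14:13"), "b9kd.example.com", "203.0.113.77", 1),
    (_t("2015-03-02 14:20"), _t("2015-03-02 14:22"), "zz31.example.com", "198.51.100.9", 2),
    (_t("2015-03-02 09:00"), _t("2015-03-02 09:04"), "staging.example.org", "198.51.100.200", 3),
]
# Constructed baseline of addresses each owner normally uses.
KNOWN_IPS = {"example.com": {"192.0.2.10"}, "example.org": {"192.0.2.20"}}

if __name__ == "__main__":
    for domain, hosts in find_shadowed(SAMPLE_RECORDS, KNOWN_IPS).items():
        print(domain, "->", ", ".join(hosts))
```

Because the check keys on the registered domain rather than on individual hostnames or IP addresses, it still fires when both are rotated, which is the case where blacklisting fails.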
Although Angler has been around for quite some time, it was not until December 2014 that it became so active, due to the high efficiency of domain shadowing.