Hundreds of GoDaddy Domains Exposed to Angler Exploit Kit Threat - How to, Technology and PC Security Forum |

Hundreds of GoDaddy Domains Exposed to Angler Exploit Kit Threat

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Angler_exploit_kitAngler Exploit Kit has once again proved itself to be the most advanced exploit kit available today. As reported by Cisco, more than 10 000 malicious sub-domains were found on GoDaddy accounts. The reason for the extremely high number of affected GoDaddy accounts? The registrar authorizes at least a third of the domains on the web.

Angler Exploit Kit is one of the serious hacking tools that pose security threats at a greater level. As Enigma Software malware researchers have previously stated, Angler Exploit Kit is produced to search for Java and Flash Player vulnerabilities. If the latter is not available, the Angler kit hands a remote control exploit (CVE-2013-0074) that is known to affect the Microsoft plug-in Silverlight 5. The dangerous tool then uses these vulnerabilities in order to distribute malware infections. It is also known that Angler affects various browsers (Chrome, Firefox, Internet Explorer).

When Does the Angler Attack Start?

Once the user views a malicious ad, they are being redirected to a compromised subdomain, which sends them to a page providing an Adobe Flash or Microsoft Silverlight exploit.
The last victim of the exploit kit in question is GoDaddy – one of the largest domain registrars and web hosting companies worldwide. The attack itself poses a new technique, which is called domain shadowing.

How Does Domain Shadowing Work?

Domain shadowing is the process of exploiting users’ domain credentials in order to create lists of subdomains. Once the subdomains are at hand, there are two options – the user either ends up redirected to an attack site or becomes a victim of a malicious payload.

One may wonder how exactly their account may become a victim of domain shadowing. The answer is very simple – through phishing. In addition, users usually own more than one domain, so the attackers have plenty to exploit. In most cases the account owners have no idea what is going on.

The domain shadowing campaign proves to be a very effective technique since it’s very difficult to be stopped or detected. Blacklisting won’t help either – not only the victims’ domains are being rotated but also their IP addresses. Furthermore, malware experts have discovered that most of the subdomains are only active for a few minutes and reached just a couple of times.

Although Angler has been around for quite some time, it is not since December 2014 when it became so active, due to the domain shadowing high efficiency.

How to Remove Angler Exploit Kit Website 12 and 15


Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool. Find Out More About SpyHunter Anti-Malware Tool

1. Remove/Uninstall Angler Exploit Kit
2. Restore the settings in your browser
3. Remove Angler Exploit Kit automatically with Spy Hunter Malware - Removal Tool.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share