Just two days ago a third zero-day was reported which was being exploited by cybercriminals to serve malvertisements to the victims which then go on to install a malware. The vulnerability was discovered by Trend Micro Labs and is being actively exploited in drive-by-download attacks that target systems running Flash Player under Internet Explorer or Mozilla Firefox on Windows 8.1 and below, Adobe said in a security advisory published on Monday. The vulnerability, which is designated as CVE-2015-0313 affects Flash Player on all supported platforms: Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac OS X; Adobe Flash Player 13.0.0.264 and earlier 13.x versions; and Adobe Flash Player 11.2.202.440 and earlier versions for Linux. Yesterday, Trend Micro Labs discovered that the same zero-day vulnerability was being exploited by cybercriminals to infect systems with a dangerous BEDEP malware variant. The discovery was reported on Trend Micro Labs blog by research engineer Alvin Bacani who has stated that hackers began targeting the zero-day within 5 days of its discovery. Trend Micro reported uncovering the Flash flaw on 2 February, warning that attackers could target victims with malvertising attacks. While Trend Micro Lab researchers originally believed that the zero-day was being exploited by hackers using the Angler Exploit Kit to send malicious automatic pop-up adverts further research proved that the hackers were infecting the victims with the vicious BEDEP variant. Bacani has explained on the blog post that BEDEP employs the same malvertising infection tactic, but uses the Hanjuan exploit kit to connect victim machines to a criminal botnet. Trend Micro Labs researchers dont know the full scale of this campaign because of the very nature of the BEDEP malware makes tracking the attacks difficult. “The fact that the payloads are encoded can be seen as one way of evading detection. An encoded payload will be difficult to identify when passing through the network layer, or when scanned in any layer in an encoded state,” noted Bacani. “BEDEP initially came undetected and unnoticed due to its heavy encryption and use of Microsoft file properties for its disguise as well as the use of seemingly legitimate export functions,” he added. It was also reported that video sharing website, Dailymotion was being used to infect its users with malware but Dailymotion has issued a statement saying that it wasn’t affected by the Flash Player zero-day. Adobe said the February 5 patch batch addresses 18 CVE-listed vulnerabilities in Adobe Flash Player. Users and Techworm readers are requested to upgrade their Flash Players as soon as possible. The details of updates are given below :
Adobe Flash Player for Windows and OS X should be updated to Adobe Flash Player 16.0.0.305. Adobe Flash Player Extended Support Release should be updated to Adobe Flash Player 13.0.0.269. Adobe Flash Player for Linux should be updated to Adobe Flash Player 11.2.202.442.
Google Chrome users please note that your Flash Player along with Internet Explorer in Windows 8/8.1 will be automatically update to version 16.0.0.305. If you see the following notification in your Firefox, you should immediately press update now.
