Net scum respect their elders so long as it leads to p0wnage

Shiny new Angler exploit kit and mothballed macroviruses top attack charts

Net scum are undergoing something of a generational clash, employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macroviruses, with Cisco reporting that Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year.

Blackhats dumped macros as an attack vector after Microsoft deactivated Word document scripting by default way back in 2006.

The vector is now back in vogue and used in daily attacks, as attackers go to some length to convince users to re-activate macros and ignore security warnings before running their malicious code.

"The upswing in the use of Microsoft Office macros to deliver banking trojans shows the convergence of two trends in the world of online criminals: resurrecting old tools or threat vectors for reuse, and changing the threat so quickly and frequently that they can relaunch attacks over and over again and evade detection," Cisco says in its mid-year threat report [pdf].

"Using social engineering techniques, bad actors can persuade users to turn on macros, thereby adding a new tactic to their toolboxes."

The Borg reports Dridex trojan slingers have ramped up the macro mayhem this year and are now releasing Word-popping documents on a daily basis.

Malware variants are mutated every few hours, often leaving anti-virus tools struggling in the wake of the new releases.

Other hackers prefer the Angler exploit kit, which has dominated in recent history, having won the marketplace battle in the wake of BlackHole, which crumbled after its author was arrested in 2013.

Since then the exploit kit has consolidated its position and has consistently and rapidly woven in exploits for the latest browser and runtime vulnerabilities, including those from Internet Explorer and the record-breaking 62 Adobe Flash flaws revealed this year.

Angler also sports sophisticated encryption which provides its regular CryptoWall ransomware payload with the ability to remain undetected for days, the Borg says.

The report details several Angler exploit kit techniques, suggesting the authors are so adept that they rely on data science to create sophisticated web pages through which users redirected from malvertising are compromised.

The Nuclear exploit kit is another popular offering which competes with a similar degree of sophistication. ®
