Users should update all browser components with no delay

Dec 18, 2014 21:56 GMT

A set of four vulnerabilities has been the target of most exploit kits (EKs) this year: one for the Silverlight web browser plug-in, two for Adobe Flash Player, and one affecting Internet Explorer.

One would expect exploit kits to take advantage of more recent security glitches, but many users do not apply the latest updates for browser components, or even for the browser itself, and leave the door open to attacks.

Old or new, vulnerabilities permit arbitrary code execution

As such, in 2014, only the security flaws for Flash Player were more recent; in the case of Silverlight and IE, weaknesses discovered in 2013 seemed to suit cybercriminals just fine.

In the list created by researchers at Trend Micro, the absence of Java vulnerabilities is notable; they are no longer of interest because of the click-to-play policies implemented by default in web browsers.

An exploit for a vulnerability in Internet Explorer is currently included in all EKs analyzed by Trend Micro. The flaw is identified as CVE-2014-2551 (use-after-free) and affects versions 6 through 10 of the Microsoft web browser.

By taking advantage of it, a remote attacker would be able to execute arbitrary code on the affected machine through a website that triggers access to a deleted object. The EKs including the exploit are Nuclear, Sweet Orange, FlashPack, RIG, Angler, Magnitude, Fiesta, and Styx.

The two vulnerabilities most targeted through EKs for Adobe Flash Player are CVE-2014-0515 (buffer overflow) and CVE-2014-0569 (integer overflow). Each of them is included in six out of the eight malicious kits analyzed by the researchers, and affects both Windows and OS X users by allowing an attacker to execute arbitrary code via unspecified vectors.

The Silverlight exploit is available in five kits and takes advantage of improper validation of pointers during HTML object rendering, also leading to arbitrary code execution, using a specially crafted Silverlight application.

EK authors have improved their tools

Although the list shows which browser components cybercriminals seek to leverage in attacks, it also draws attention to the importance of keeping all software on the computer up-to-date. The latest updates should be applied as soon as they become available in order to lower the chances of the computer being infected.

Trend Micro security experts also emphasize that cybercriminals have improved their software to maximize the success rate and are now able to determine the browser platform, as well as the plug-ins installed on the targeted computer, in order to deliver the appropriate exploit kit.

In some cases, there are even routines that can detect the security software protecting the machine. This way, if a solution known to identify the threat is discovered, the exploit kit stops its activity, making detection much harder.