14 DAY TRIAL // Sometimes the Internet provides us with some extreme cases of irony. One of these cases is an editorial on cybercrime hosted on The Guardian's website, which was inadvertently spreading malware.
The discovery was made by FireEye's research team, who identified a malicious link on that article's page that was redirecting users to a malicious URL hosting the Angler Exploit Kit.
The Angler Exploit Kit is a Web-based utility toolbelt that hackers employ to test the defenses of a user's computer. They scan the user's PC for software known to have vulnerable versions, and if they find older installations of the software, they use that particular vulnerability to infect the user with one or more malware families.
Exploit kits are extremely popular these days, and in the third quarter of 2015, Angler was the exploit kit of choice for 30% of the Internet's cyber-criminals.
Criminals were leveraging an older Windows bug to infect users
In this particular case, visitors of The Guardian's website found themselves redirected to an Angler installation that would probe their PC for the presence of CVE-2014-6332, a Windows Object Linking and Embedding (OLE) Automation Remote Code Execution vulnerability, triggered through VBScript.
This particular vulnerability enabled a so-called "God Mode" on infected PCs, giving attackers control over every face of the user's machine.
Additionally, the Angler exploit kit would also scan for the Flash-based CVE-2015-5122, CVE-2015-5560, and CVE-2015-7645 vulnerabilities. These are less powerful intrusions compared to the Windows OLE one, but dangerous nevertheless.
All of the above vulnerabilities have been fixed by Microsoft and Adobe, and users who keep their systems up to date have nothing to fear while reading that particular editorial on "out of control cybercrime."
FireEye contacted The Guardian, who said they were working on fixing the contaminated links hosted on that article and a few other more.
