Angler Exploit Kit: The #1 Cyber Menace

Angler Exploit Kit is the biggest and most aggressive exploit kit today. Although it emerged back in 2013, it has never been as strong as it is now. Malware researchers estimate that 90,000 victims could be targeted by the infections associated with it every single day, which might add up to more than $34 million in profit every year. Unfortunately, this exploit kit is practically unstoppable, and computer users could become victims even if they took all of the security measures available. Of course, some users are more “susceptible” to malware associated with this exploit kit than others. Fortunately, there are things that users can do to keep malware away and ensure virtual protection. We discuss this, as well as other important things, in this report.

How does Angler Exploit Kit work?

It was found that Angler Exploit Kit uses different methods to initiate attacks. It is estimated that 75% of all exploits are associated with Adobe Flash vulnerabilities. The remaining quarter is distributed between Internet Explorer and Silverlight vulnerabilities. According to our researchers, CVE-2013-2551, CVE-2015-0310, CVE-2015-0311, CVE-2015-0313, CVE-2015-0315, and a number of other vulnerabilities could be used to execute Angler Exploit Kit attacks. If users keep up with the latest security updates, vulnerabilities that cyber attackers could use will be patched in time. Unfortunately, this exploit kit successfully exploits zero-day vulnerabilities as well. These vulnerabilities are not yet publicly known, and they are exploited before patches are created. Needless to say, users are helpless against this kind of activity.

Once Angler Exploit Kit injects malicious code (e.g., into JavaScript, Flash, or HTML), it initiates malvertising (malicious advertising) and ransomware attacks. It is believed that over 60% of all attacks associated with this exploit kit are ransomware-related. It was found that this kit is responsible for the attacks of Teslacrypt, Kovter, Torrentlocker, and other ransomware infections. Teslacrypt, for example, encrypts personal files and temporarily disables Windows utilities to convince users to pay a ransom in return for file decryption. Kovter, on the other hand, locks the computer to initiate automated ad-clicking to make money silently. All in all, whatever kind of malware Angler Exploit Kit is associated with, its main function is to generate profit.

Why is Angler Exploit Kit unstoppable?

Angler Exploit Kit was created to circumvent security systems, but that is not the only way that it keeps itself alive. It was found that it uses a process called domain shadowing, which involves recording the credentials of private domain accounts and creating sub-domains that redirect to landing pages associated with exploits. Users are exposed to these sub-domains via malicious ads injected into the websites they visit. Needless to say, these drive-by download attacks are used for the infiltration of malicious software (e.g., ransomware). It was found that so-called health-monitoring servers are employed to remove log files to make the source of infection untraceable. What is more, the sites employed to expose users to the Angler Exploit Kit are used only a few times to make traffic inconspicuous.
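One way a defender can look for the domain shadowing pattern described above in passive DNS data, added here as an example and not taken from the original report. The record layout, the thresholds, and the rule "new sub-domain resolving outside the domain's long-standing addresses" are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed passive-DNS rows: (fqdn, resolved IP, first seen, days with queries).
# Hostnames use the reserved .test TLD; addresses are RFC 5737 documentation ranges.
SAMPLE = [
    ("www.example-shop.test", "192.0.2.10", date(2014, 1, 5), 400),
    ("mail.example-shop.test", "192.0.2.11", date(2014, 1, 5), 390),
    ("qx7a.example-shop.test", "203.0.113.50", date(2015, 6, 1), 1),
    ("b92k.example-shop.test", "203.0.113.50", date(2015, 6, 2), 1),
    ("zz1p.example-shop.test", "203.0.113.51", date(2015, 6, 2), 1),
    ("www.quiet-blog.test", "198.51.100.7", date(2013, 3, 1), 700),
    ("beta.quiet-blog.test", "198.51.100.7", date(2015, 6, 1), 2),
]

def registered_domain(fqdn):
    # Assumption: naive "last two labels"; real deployments should use the Public Suffix List.
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def find_shadowed(rows, today, new_days=7, old_days=90, max_active_days=2, min_hits=3):
    """Return {registered domain: [suspect sub-domains]} for likely shadowed domains."""
    by_domain = defaultdict(list)
    for row in rows:
        by_domain[registered_domain(row[0])].append(row)
    findings = {}
    for domain, recs in by_domain.items():
        # Baseline: addresses used by hostnames that have existed for a long time.
        baseline = {ip for _, ip, first, _ in recs if (today - first).days >= old_days}
        if not baseline:
            continue  # no history to compare against, so no verdict
        # Suspect: recently created, rarely used, and hosted outside the baseline.
        suspects = sorted(
            fqdn for fqdn, ip, first, active in recs
            if (today - first).days <= new_days
            and ip not in baseline
            and active <= max_active_days
        )
        if len(suspects) >= min_hits:
            findings[domain] = suspects
    return findings

if __name__ == "__main__":
    for domain, hosts in find_shadowed(SAMPLE, today=date(2015, 6, 3)).items():
        print(domain, "->", ", ".join(hosts))
```

A new sub-domain that resolves to the owner's existing address, like the `beta` host in the sample, is not flagged, which keeps ordinary site changes out of the results.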

Can you avoid encountering Angler Exploit Kit?

As mentioned before, users must patch all security vulnerabilities that could be exploited by Angler Exploit Kit. If you do not miss or postpone updates, you will minimize the risks of becoming the next victim. Of course, the most important role belongs to you. If you click on random ads and links, download unfamiliar software, open spam email attachments, and engage in other risky activity, you could be exposed to exploits even if you stay on top of your security updates. Our recommendation is to install legitimate, up-to-date security software that could block access to malicious sites and eliminate malware, install updates, and act cautiously when browsing the web. Overall, your virtual security is in your hands, and it is up to you to take care of it.
