Slashdot Mirror


Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

MojoKid writes: Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.

6 of 203 comments

  1. Something Suspicious by Anonymous Coward · · Score: 5, Interesting

    ... About Adobe's plug-in.

    How come such a relatively simple file - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities? And not just bugs, but zero-day exploits too. Do I need a tinfoil hat? Or is it just a tad suspicious that this one product continues to have so many vulnerabilities found in it? After all this time. After all these previous bugs.

    Or is it the case that this is just yet another vector sponsored by the likes of the NSA or others, to infect machines of potential targets?

    This isn't an attempt to be flippant or to trash-talk Adobe. This is a serious question asked of a well-established software house and what must by now be one of the most heavily-scrutinised software packages in widespread use. Can anyone out there with specific knowledge of this product give us any insight as to why it is so regularly found to contain exploits? If we could look at the defect-per-thousand-lines-of-code, I am guessing that Adobe's products must be the worst in the industry... Can that really be the case?

  2. Re:Maybe if Adobe fixed their broken updater... by jandrese · · Score: 5, Interesting

    My favorite part is where the updater tells you that a new update is ready, but it won't install it automatically because Adobe needs another ad impression or something and you have to download and install it yourself. This is why I don't have Flash or Java installed anymore. I especially like when they try to sideload some crapware toolbar with their security update too. I can kind of understand this sort of behavior from a sketchy freeware app being hosted by J. Random Guy, but Oracle and Adobe are multimillion dollar corporations. Do they really care so little about their brand?

    --
    I read the internet for the articles.

  3. Re:Adblock, FTW by buchner.johannes · · Score: 2, Interesting

    YouTube just switched to HTML5 video by default, so perhaps we can uninstall Flash for good now!

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

  4. Re:Adblock, FTW by Anonymous Coward · · Score: 3, Interesting

    or sites that don't seem to filter their own ads.

    Oh, you mean like Google Adsense? They've been known to run malicious ads on countless occasions.

  5. Re:Well I guess it's a good thing... by bmo · · Score: 3, Interesting

    But the reality is, most sites with ads are infested with literally dozens of third party crapware, places which sideload junk into your system (specifically through crap like Flash), and which want to collect, collate and sell your private information.

    This.

    And you know what I've found out? The "serve ads" and "collate demographics to sell" industries have merged completely. There is probably nobody left that merely serves ads and doesn't track across websites. Go ahead and delete Adblock Plus and run /only/ Ghostery and Privacy Badger. You get nearly the exact same results as if you ran an adblocker that uses a popular list.

    Why Privacy Badger on top of Ghostery? Because it gets the things whitelisted by Ghostery. You didn't think that Ghostery was pure as the driven snow, did you?

    --
    BMO

  6. Re:Well I guess it's a good thing... by phantomfive · · Score: 4, Interesting

    Yeah, once again, compare the dross on the internet to the good things. Slashdot, Wikipedia, a bunch of corporate websites you can visit to learn about their company, restaurant websites, Linkedin seems to be a decent place to look for a job, ebay, amazon, some news websites. Slashdot and some news websites would die without advertising, but I would be willing to subscribe to those.

    Now look at all the negative stuff. Buzzfeed, wired.com, all those websites that spew crap in order to attract your eyeballs. Out of all of that, are there any websites that would die without advertising, which you would also not be willing to subscribe to?

    The only one I can think of is Facebook, and if that one died, it would only encourage a distributed model, where everyone essentially ran their own RSS feed for their friends to look at (or something similar).

    So let the advertising die, I say, the internet will be a better place for it.

    --
    "First they came for the slanderers and i said nothing."