Wednesday, February 25, 2015
And the Grammy goes to... "Angler Exploit Kit"
As we look at the trends for February 2015, it becomes apparent that malware attacks are front and center. The concerning item, as we dig deeper into reported attacks, is that they have a common thread. The majority of distribution appears to originate from the Angler EK, using Adobe Flash vulnerabilities CVE-2015-0310, CVE-2015-0311 and CVE-2015-0313, delivered in numerous ways: through malvertising links, through distributed mobile Android apps, and through watering holes and directed links. After infection, the goal is to insert a Bedep Trojan and turn the victim into a botnet malvertiser or, more commonly reported, to establish the Critroni ransomware.
Any version of Internet Explorer or Firefox on any version of Windows will get owned if Flash up to and including 16.0.0.287 is installed and enabled. It is a good idea to disable Flash Player, use the Chrome browser, disable Java, avoid use of Android web apps, run EMET 5.1 on IE browsers, and run fully patched MS Windows 7 or 8.1 with a new version of Firefox (33 or newer) or Internet Explorer 11.
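To check a fleet against the exposure condition above (Internet Explorer or Firefox with Flash up to and including 16.0.0.287 enabled), here is an added example that is not part of the original post. The inventory format, column names and host rows are constructed assumptions; the version parser accepts both dotted and comma-separated Flash version strings.

```python
import csv
import io

# Last Flash release the post lists as exploitable (inclusive bound).
LAST_AFFECTED = (16, 0, 0, 287)
# Browsers the post names as exposed when Flash is installed and enabled.
AFFECTED_BROWSERS = {"internet explorer", "firefox"}

# Constructed sample inventory; the column names are assumptions for this example.
SAMPLE_INVENTORY = """host,browser,flash_version,flash_enabled
ws-01,Internet Explorer,"16,0,0,287",yes
ws-02,Firefox,16.0.0.305,yes
ws-03,Firefox,9.0.124.0,yes
ws-04,Chrome,16.0.0.257,yes
ws-05,Internet Explorer,15.0.0.246,no
ws-06,Firefox,WIN 16.0.0.296,yes
"""


def parse_flash_version(text):
    """Turn '16.0.0.287', '16,0,0,287' or 'WIN 16,0,0,287' into an int tuple."""
    token = text.strip().split()[-1].replace(",", ".")
    parts = tuple(int(p) for p in token.split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected Flash version format: {text!r}")
    return parts


def is_exposed(browser, flash_version, flash_enabled):
    """Apply the post's condition: IE/Firefox + enabled Flash <= 16.0.0.287."""
    if flash_enabled.strip().lower() != "yes":
        return False
    if browser.strip().lower() not in AFFECTED_BROWSERS:
        return False
    # Tuple comparison is numeric per field; a plain string comparison
    # would wrongly rank '9.0.124.0' above '16.0.0.287'.
    return parse_flash_version(flash_version) <= LAST_AFFECTED


def exposed_hosts(inventory_csv):
    """Return host names from the inventory that meet the exposure condition."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["host"] for r in rows
            if is_exposed(r["browser"], r["flash_version"], r["flash_enabled"])]


if __name__ == "__main__":
    for host in exposed_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Flash at or below 16.0.0.287 enabled in an affected browser")
```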