In a somewhat surprising turn of events, a blog post published Monday by Levi Gundert, technical lead of Cisco’s threat research group, suggests that the number of attacks targeting Silverlight, Microsoft’s personalized web video player platform, has skyrocketed in recent months, nearly eclipsing the efforts launched against more common targets like Java and Adobe Flash.
This recent rise is most easily attributed to the Angler exploit, which first hit the scene in late April and has since taken the code cracking community by storm, making its way onto nearly 30,000 machines, a number that is still growing.
It’s not just a random fluke that many of the most popular video portals are specifically targeted and championed by blackhats from around the world. The dense code and complex architecture that help popular video viewers like Netflix run at a smooth 60 fps on laptops and desktops that predate the streaming service itself can often come packed with loopholes, missed lines of code, and plain lazy security, which make them a hotbed for criminal and illicit activity.
Originally, Angler relied on two remotely exploitable vulnerabilities, CVE-2013-0074 and CVE-2013-3896, to successfully penetrate the PCs of unsuspecting viewers. The former was a way to initially gain access to a machine through escalated user rights, whereas the latter was meant to trick the data execution prevention system, a vital piece of what keeps Microsoft users safe in the uncertain virus landscape of 2014.
Angler uses corrupted ad banners to distribute its code and spread to as many networks as it can while knowledge of the bug is still low. Browser extensions like Adblock Plus are a perfect way to prevent this type of content from getting the necessary permissions to launch on your computer, effectively stopping the exploit where it stands and keeping your data safe to live and breathe for at least another day.
“We should expect these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates,” Gundert wrote. “Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October, 2021.”
By comparison, Java has uncharacteristically seen the number of infections in its own software plummet, as the new requirement for users to click a button before the applet launches has proven itself a worthy adversary to the hundreds of hackers who used to make their entire monthly income off the shortcomings that developers close to the project were constantly scrambling to patch.
To be sure you aren’t affected by Angler, take necessary precautions and always be sure your Silverlight, Java, and Flash programs are updated and running on a machine that’s been cleaned of any infections within the past few days or less.
Angler can only run if the user gives it permission, so never click on any links, downloads, or email attachments you don’t explicitly recognize beforehand.