Angler Exploit Learns New Tricks, Finds Home On Popular Website

February 26, 2016 – 8:28 PM

Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a SpiderLabs researcher at Trustwave, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office software applications.

A number of things stuck out as unique about this iteration of Angler Exploit Kit, according to Trustwave. One was the fact that attackers were targeting a destination site as opposed to a random webpage that had traffic driven to it via phishing attacks, Sigler said. According to site analysis tool, Extendoffice attracted 963,000 unique visitors in January. “That many not seem like a lot of traffic for a website, but for a watering-hole attack, they hit the jackpot,” Sigler said.


You must be logged in to post a comment.