Angler Exploit Learns New Tricks, Finds Home On Popular WebsiteFebruary 26, 2016 – 8:28 PM
Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a SpiderLabs researcher at Trustwave, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office software applications.
A number of things stuck out as unique about this iteration of Angler Exploit Kit, according to Trustwave. One was the fact that attackers were targeting a destination site as opposed to a random webpage that had traffic driven to it via phishing attacks, Sigler said. According to site analysis tool Compete.com, Extendoffice attracted 963,000 unique visitors in January. “That many not seem like a lot of traffic for a website, but for a watering-hole attack, they hit the jackpot,” Sigler said.