Malware News: CVE-2016-1019 Zero-Day Flash Exploit: Malware Is as Malware Does
(With thanks to Lastline Director of Sales Engineering Dan Mathews for the heavy lifting.)
Within the last couple of weeks, the blogosphere has reported on a new Magnitude Exploit Kit campaign, which was recently confirmed as leveraging a zero-day Flash exploit. Adobe Flash Player 184.108.40.206 and earlier is vulnerable; the flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, and has been observed to deliver Cryptowall 3.0 ransomware. While an earlier patch mitigated the behavior somewhat, Adobe was forced to release an emergency patch.
There’s a good behavioral analysis of the vulnerability and attack chain here, thanks to the folks at Proofpoint. Unlike many of our other malware posts, where we show the Lastline Labs analysis of attacks, that’s not what’s on my mind here. Instead, let’s talk about why you deploy an advanced malware protection solution. I’ll give you a hint: the answer is in the previous sentence. Protection.
Lastline customers can be assured that they have been protected from the very first observation of the zero-day, though we had never seen the code before. Detonation of samples in Lastline’s sandbox produced the result one would hope: it showed characteristic behaviors of malware, so it was scored as highly malicious. (In fact, five different samples were all scored as 100 out of 100.)
Here are links to the five samples we tested, and the details of the analysis tasks:
What is most significant here is that Lastline does not yet have an exploit signature match for this newly published CVE. Even without explicit detection of the Flash 0-Day, Lastline is able to detect the other behaviors that are required to successfully deliver the exploit and gain a foothold on the system.
Pivoting to the detailed analysis report, we can see a few of these detected behaviors:
Detailed Analysis task link here.