2014-11-20 - Exploit Integration

CVE-2014-8440 (Flash up to and Exploit Kits

Once again that's fast. Nine day (or less?) after patch

the vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does.

Angler EK :

Thanks Anton Ivanov ( Kaspersky )  for CVE identification.

CVE-2014-8440 successfully exploited by Angler EK
I won't go in details.
The Sample is : 8181b7da3a53a7a6c1d23f852e85c446
Two Fiddler (Firefox and IE) pushed on VT : Fiddler_Angler_CVE-2014-8440_Password_is_malware.zip

[Edit : 2014-11-26]
This CVE that was used only in a specific (VIP?) Angler instance has been propagated to all Angler EK threads with 02d48a05c15f55a085be296ed12a5ed7 this afternoon.