Drive-by exploit kit bypasses Microsoft EMET protections

By on
Drive-by exploit kit bypasses Microsoft EMET protections

Angler gets around DEP, ASR, EAF and other mitigations.

Malware writers have updated the widely-used Angler exploit kit to bypass Microsoft's Enhanced Mitigation Experience Toolkit (EMET), which is used to prevent software vulnerabilities from being exploited. 

Angler is used to deploy ransomware such as TeslaCrypt via booby trapped Adobe Flash and Microsoft Silverlight ads in drive-by attacks.

Organisations deploy EMET to protect vulnerable, unpatched software from attacks. 

The vulnerabilities primarily target users of Microsoft's older Windows 7 operating system. 

Researchers from security vendor FireEye, who analysed new variants of Angler, have discovered that the malware now contains code to get around EMET protections. 

Using sophisticated coding techniques, the updated Angler malware is now able to evade memory protection measures to exploit vulnerable Adobe Flash and Microsoft SIlverlight installations on users' machines. 

Protections that have been bypassed include Data Execution Prevention (DEP), Address Space Randomisation (ASR), and Export Address Table filtering, among many others. 

The researchers suggest organisations quickly patch Adobe Flash Player, Java and web browsers to mitigate against the bypass of protection technologies. 

Disabling web browser plugins for Flash and Silverlight should also make users less vulnerable to attacks. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
  |  Forgot your password?