Security News Angler Exploit Kit Finds a Method to Escape Microsoft's EMET Security Toolkit

Alkajak

Thread author
FireEye security researchers say they've found Angler exploit kit installations capable of evading some of the security protections provided by the Microsoft EMET toolkit on Windows 7.

EMET stands for Enhanced Mitigation Experience Toolkit and is a lesser-known security product provided by Microsoft that was designed to add an extra layer of security on top of Windows systems.

The toolkit is not a standalone antivirus product because it will not actively look for malware, but it will put up serious defenses whenever malware tries to exploit vulnerable components.

Until now, security researchers have discovered a few ways to bypass EMET's defenses, but none have been used in real-world attacks.

Bypass methods work on EMET 5.5 on Windows 7

According to FireEye, in the past weeks, the company has come across a few Angler exploit kit installations that can bypass EMET's protections on Windows 7.

Researchers claim that the Angler EK is deploying two exploits, one for Flash and one for Silverlight. These two exploits make two calls to the aforementioned plugins and run their code via a protected memory slot that allows them to deliver the malicious payload regardless of EMET's DEP (Data Execution Mitigation), EAF (Export Address Table Access Filtering), and EAF+ mitigations.

For this particular campaign, the crooks used Angler to bypass EMET and install the TeslaCrypt ransomware. These exploits even worked on EMET's latest 5.5 version.

"The level of sophistication in exploit kits has increased significantly throughout the years," FireEye's Raghav Pande and Amit Malik noted. "Where obfuscation and new zero days were once the only additions in the development cycle, evasive code has now been observed being embedded into the framework and shellcode."

Back in February, the same FireEye team discovered a method to use EMET's own security protections to disable itself.

Full Article: Angler Exploit Kit Finds a Method to Escape Microsoft's EMET Security Toolkit