Cybercriminals target Silverlight users with new exploit kit.

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
The creators of a Web-based attack tool called Angler Exploit Kit have added an exploit for a known vulnerability in Microsoft's Silverlight browser plug-in to the tool's arsenal.

Exploit kits are essentially malicious Web applications that check if visitors run outdated software on their computers and then exploit vulnerabilities in that software to install malware. They usually target popular applications that are accessible through browser plug-ins, such as Java, Flash Player and Adobe Reader.
http://www.computerworld.com/s/article/9244073/Cybercriminals_target_Silverlight_users_with_new_exploit_kit
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Thanks for reminding me to disable Silverlight plugins.

This, I assume affects Comodo users too.
 

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
Earth said:
Thanks for reminding me to disable Silverlight plugins. This, I assume affects Comodo users too.
The irony is I just installed Silverlight last nite so that I can use Comodo's virtual Kiosk. Then today I see this.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Last I knew, Silverlight isn't a requirement to use Virtual Kiosk, but only needed if you wanted to use it in the fancy "iOS" mode.

Also Silverlight was discontinued by Microsoft in 2012.
Edit: http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&qid=&alpha=Silverlight&Filter=FilterNO

Pure innovation and sensible move by Comodo. :D
 

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
Earth said:
Last I knew, Silverlight isn't a requirement to use Virtual Kiosk, but only needed if you wanted to use it in the fancy "iOS" mode.

Pure innovation by Comodo. :D
Interesting, because when I 1st tried to use the virtual kiosk I got a msg in the GUI that said I needed to have either Comodo Dragon or Silverlight for the feature to work properly. I tried to use the virtual Kiosk without either but could not connect to the internet. So I opted to install Silverlight.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Unless they've changed it for v6.3, you shouldn't need either Dragon or Silverlight.

Comodo Forums said:
Chiron said:
The Kiosk will work fine without Silverlight. The only thing which it is technically required for, I believe, is tablet mode. If I'm forgetting something I'm sure someone will correct me soon.

HeffeD said:
That's correct. Instead of Tablet Mode and Classic Mode, the Kiosk will only have Classic Mode available if you don't install Dragon and Silverlight.

Unless you want to run tablet style apps, Classic Mode will do just fine.

http://forums.comodo.com/defense-sandbox-help-cis/cis-61-virtual-kiosk-t95686.0.html
 

I'm Me

New Member
Verified
Sep 14, 2013
41
Earth said:
Also Silverlight was discontinued by Microsoft in 2012.

Thanks, I didn't know that. Uninstalled Silverlight today after reading this.
 

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
Microsoft has said it will support the Silverlight 5 browser plug-in until Oct. 12, 2021.
http://www.computerworld.com/s/article/9238421/Netflix_to_dump_Silverlight_Microsoft_s_stalled_technology
 

Littlebits

Retired Staff
May 3, 2011
3,893
Angler EK loads the Silverlight exploit only if the Java or Flash Player versions installed on the computer are not vulnerable

So this exploit depends on out-dated Java and Flash Player in order to be successful.

Silverlight users should make sure they have all the patches available for the software installed. Silverlight security patches are normally distributed through the Windows Update mechanism.

Also needs out-dated Silverlight plugin to be successful.

Keep your software updated and no worries.

Thanks. :D
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Bit of an odd exploit kit, thanks for the new info. :D
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top