An exploit for a Silverlight vulnerability discovered by Kaspersky Labs has now – as the cyber-security firm predicted – made its way into the Angler Exploit Kit.
The CVE-2016-0034 vulnerability was patched as part of Microsoft's Patch Tuesday update last month. Kaspersky discovered the Silverlight bug as a result of reverse-engineering information contained in leaked emails from Hacking Team CEO David Vincenzetti.
“My belief was that this was a very powerful and potent exploit that would work its way into many exploit kits,” said Kaspersky researcher Brian Bartholomew, speaking with SCMagazine.com. “It wasn't the one-week turn-around time I was expecting.”
In a blog post last month, Bartholomew predicted that a hacker would use the proof-of-concept posted on the security issues database OSVDB to reverse engineer the patch and “produce a weaponised version” of the exploit. The exploit “would likely be folded into the leading exploit kits and be available to criminal operations,” Kaspersky's blog stated.
Security researcher Kafeine sent code from Angler EK to researchers – including Kaspersky senior malware analyst Anton Ivanov – to confirm his suspicion that the exploit involved the CVE-2016-0034 vulnerability, Kafeine wrote on his blog Malware don't need Coffee.
Attackers needed to discover two separate components to make use of the exploit – a Silverlight application and the parameters through which it was distributed, in this case an HTML file, Bartholomew told SCMagazine.com. “The component that attackers found initially was the application,” he said. “But it took some time for someone to find the delivery method to make it function.”