Reading Time: 1 minute
As if we needed it, we have more proof that the black hats never rest. An already notorious exploit kit has been “improved” as a weapon against innocent web users.There is a very active and lucrative market for exploit kits, tools for developing malware and exploiting vulnerabilities in software. Some of the participants in the market are doing legitimate work, identifying vulnerabilities for the purpose of warning potential hacking victims and developing counter measures.

Others have nefarious goals, such as the group that developed the notorious Angler exploit kit, designed as a web based attack tool.Angler is well known for targeting programs run in a web browser, including Adobe reader, Adobe Flash player, and the Java environment. Java has had a series of serious vulnerabilities over the past few years and may be the most serious concern. Recently the kit has been updated for a vulnerability found in Microsoft Silverlight plugin which can be used to exploit the security system and breach into user’s computers and gain control.

By using an exploit found in Silverlight 5 and earlier, the angler kit will allow remote executions. Silverlight is a service used for web animation, similar to Adobe Flash. The plugin is being used by more than 40 million people in USA alone, so the impact of this threat is high. Users are advised to take better Internet security measures and safeguard themselves against such attacks. A fix/patch is already released and all that needs to be done is an update.