SoylentNews

janrinok writes:

Another security story from The Register to start the week off:

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.

Web villains [sic] designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks. Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.

Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware.

"CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says.

Magnitude, said to generate as of August up to $US100,000 a month for its author, maintains about a third of the exploit kit market according to Trustwave. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.