An exploit for an unconfirmed Adobe Flash Player Zero Day added in to the Angler exploit kit and is, along with exploits for several other Flash flaws, opening users’ Windows machines to the Bedep Trojan.
The discovery came from malware researcher Kafeine, who said not all instances of the exploit kit are equipped with the Zero Day.
Adobe Flash Player see such wide usage that this particular malware delivery campaign could be very successful.
Windows 8.1 and Google Chrome users are safe from this exploit due to the operating system’s and browser’s sandbox, Kafeine said in a blog post. Malwarebytes Anti Exploit also blocks the exploit.
Windows XP, 7, 8 and Internet Explorer 6, 7, 8, and 10 users might want to consider disabling their Flash Player for a couple of days. The flaw affects Flash versions 188.8.131.52 and 184.108.40.2067 (the latest).
The Bedep Trojan makes the victims’ computer perform ad fraud calls.
Trend Micro researchers said malvertisements are delivering these exploits to end users.