Security 10809 Published by

Attack exploiting fully updated Flash installs Bedep botnet.



From ArsTechnica:
If you've been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploitation kit, researchers confirmed. Attackers often buy the kits to spare the hassle of writing their own weaponized exploits.

Prolific exploit sleuth Kafeine uncovered the addition to Angler, an exploit kit available in underground forums. The zero-day vulnerability was confirmed by Malwarebytes. Malwarebytes researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep.
  Attack for Flash 0day goes live in popular exploit kit