Tribal Chicken

Security. Malware Research. Digital Forensics.

CryptoWall spreading via HT Flash 0-day

Well that didn’t take long.

UPDATE 1: Chromes Sandboxing may be a useful defence.

UPDATE 2: Adobe have released a patch:

ACTION REQUIRED: Update your Flash player now! Disable Flash unless required, uninstall Flash completely or set Flash as click-to-play in all browsers. A decent guide for click-to-play can be found here: How to Enable Click-to-Play Plugins in Every Web Browser

The Flash zero-day exploit found in the Hacking Team leak has been weaponised and included in the Angler, Nuclear and Neutrino Exploit Kits, according to various reports.

Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit also has included this zero-day.

Source: Hacking Team Flash Zero-Day Integrated Into Exploit Kits

CryptoWall 3.0 has been identified as one of the payloads being distributed using the Zero-day.

This means you can be infected simply by browsing to a malicious or compromised website.

MalwareBytes have a report: PSA: Flash Zero-Day Now Active in The Wild

Kafeine’s post is here:  CVE-2015-5119 (HackingTeam 0d – Flash up to and Exploit Kits

Personally, I think you should uninstall Flash and never look back.

I will update once Adobe release a patch or more information is at hand.