Bitcoin Ransomware Infections Set To Spike Due To Angler Bypassing EMET
Jp Buntinx · @http://twitter.com/jdebunt | Jun 07, 2016 | 04:42
Ransomware remains a threat looming over every Internet user in the world today. Protecting one’s computer from this type of malware is becoming harder once again, thanks to the EMET-evading exploit. Security experts feel the number of ransomware infections will ramp up exponentially once again.
Also read: Poloniex Exchange Confirms Funds Are Safe Despite Outage
EMET protection is found on the Windows operating system, as Microsoft designed this tool to block Windows-based exploits. However, internet criminals have come up with a way to bypass this protection. Moreover, they bundled the instruments in the Angler exploit kit, which remains one of the most popular choices for hackers to this very day.
EMET Is Not Impenetrable
Up until this point, many security experts felt that EMET was the most efficient ways to prevent Windows computers from being attacked or infected. Moreover, it has never been possible to bypass this layer of protection entirely. FireEye researchers discovered the new code in the Angler exploit kit on Monday, June 6.
TeslaCrypt used to be a favorite among Internet criminals looking to execute drive-by attacks.This particular type of ransomware has caused a lot of havoc in the past, albeit the creators unveiled the master decryption key not too long ago. Spreading ransomware through an exploit kit that can evade security measures opens up a whole can of worrisome opportunities.
FireEye security experts explained the significance of this news as follows:
“The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.”
That being said, it is important to note there are limitations as to what internet criminals can do. For the time being, it appears this method only works on Windows 7. Additionally, targeted computers need either Flash or Silverlight installed to execute the attack. But at the same time, there is nothing stopping hackers using the Angler exploit kit from installing malicious applications and ransomware.
What are your thoughts on internet criminals being able to bypass EMET on Windows machines? Let us know in the comments below!
Source: Ars Technica
Images courtesy of EMET, Shutterstock
