Flash zero-day monster Angler dominates exploit kit crime market

SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly competitive underground malware market: Angler's market share has exploded from a quarter to 83 per cent within nine months.

The growth occurred between September and May this year, we'e told.

Angler emerged in 2013 to become one of the most capable exploit kits. Like its rivals, the code is designed to be an all-in-one ram-rod hacking package that web scum can use to get their malware, ransomware, and other net nasties past user machine defences.

The hacking toolkit incorporates emerging, patched and private zero day vulnerabilities and is cleaning up is dominating the market in the wake of the downfall of the BlackHole exploit kit which fell to pieces after the aptly-named founder Paunch was arrested in 2013.

Howard says Sophos is finding thousands of Angler-infected pages a day.

"Angler has risen above its competitors in recent months," Howard says.

"This could be down to many factors: higher traffic to Angler-infected pages; exploits with a better hit-rate in delivering malware; slicker marketing amongst the criminal fraternity; more attractive pricing – in other words, good returns for the criminals who are buying 'pay-per-install' malware services from the team behind Angler.

"One thing is clear: Angler has a serious impact on anyone browsing the web today."

Howard says the malware menace evades detection "at every level". It ducks reputation filtering by switching rapidly hostnames and IP numbers and using domain shadowing to piggyback legitimate domains; it beats content detection it creates unique dynamic encrypted content for each victim, and deploys obfuscation and anti-sandbox tricks to foil white hat researchers.

Angler has displaced rival Nuclear, previously the top exploit kit.

It has since kept in headlines by quickly incorporating the three Adobe Flash zero day flaws that emerged from the Hacking Team breach, a trend that it has maintained to ensure its commercial success.

Exploit kit connoisseurs can enjoy Howard's detailed breakdown of Angler's techniques and tactics it uses to crack computers and frustrate researchers. ®