Microsoft Silverlight vulnerabilities are increasingly being exploited in drive-by download attacks to infect computers with malware, especially through malicious ads. Attackers have been adding exploits for Silverlight vulnerabilities to their exploit kits, tools that are commonly used to launch Web-based attacks, according to security researchers from Cisco Systems. “Silverlight exploits are the drive-by flavor of the month,” the Cisco security researchers said Monday in a blog post. “Since April 23rd we have observed substantial traffic being driven to Angler instances partially using Silverlight exploits.”
Microsoft’s web video and interactive cross-platform content plugin Silverlight is coming under increasing volume of attacks from hackers as of late. As the public awareness of Java and Flash flaws is increasing, Cisco’s security researchers are finding an increasng number of systems affected by attacks focused on exploits of Microsoft’s Silverlight, as users aren’t aware of the increasing proliferation of malware for the platform. Cisco’s researchers say that “Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October, 2021,” making users of the plugin numerous, and vulnerable. The analysts contine to say that the malware campaign in question “uses a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption.” The CVE-2013-3986 exploit was patched in January, but a large percentage of Silverlight users install the package, and never update it, with some installs being two years out of date.