Angler Exploit Kit

Posted: March 6, 2014

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	14

First Seen:	March 10, 2014
Last Seen:	December 18, 2020
OS(es) Affected:	Windows

The Angler Exploit Kit is a Web-based threat that installs threatening software onto your computer after exposure to the EK's host Web page. Some of the latest Angler Exploit Kit attacks have used compromised advertisement networks on software piracy websites, but the Angler Exploit Kit also may be inserted into other types of Web pages. Anti-malware protection and strong security settings for your browser should be sufficient for blocking the Angler Exploit Kit's attacks, and similar anti-malware tools should be utilized to delete any software installed via its exploits automatically.

The Angler Exploit Kit: Catching New PCs Hook, Line and Sinker

Exploit kits are one of threat authors' favorite methods of installing high-level threats, such as banking Trojans, backdoor Trojans and rootkits, all without any symptoms to alert the victims using the infected PC. Since an exploit kit like the Angler Exploit Kit often is 'rented' out to third parties for personal campaigns, even the threats installed by a single exploit kit may differ drastically between attacks. Examples of some payloads using the Angler Exploit Kit that malware researchers have seen include:

The Critoni Ransomware, a group of Trojans that encrypt files on your PC, and then ransom you for the decryption process.
Poweliks, a spyware threat that stores itself in-memory without installing any visible files to your hard drive.
ZeroAccess, a rootkit often used to conduct Bitcoin-mining attacks (among its other functions) that may cause permanent harm to your hardware.

The Angler Exploit Kit is launched automatically whenever an unprotected Web browser loads its content, which recently saw distribution on a Pirate Bay advertising network. By using Flash, Java or Adobe Reader vulnerabilities that the Angler Exploit Kit detects automatically, the Angler Exploit Kit then installs its payload onto your system.

Disentangling Your System from an Angler Exploit Kit's Payload

The vulnerabilities used by the Angler Exploit Kit and other EKs often are updated with time. This pattern of threat updates requires potential victims to update their personal software and security solutions, in turn; this especially is true for users of any Web-browsing software with Java or Flash capabilities. Blocking scripts and suspicious advertisement networks also can provide your browser with some level of protection from common sources of contact with the Angler Exploit Kit's attacks. Malware experts also note that live anti-malware protection could block the threat installation before it can occur.

Even with all these solutions available, the Angler Exploit Kit and other EKs are anticipated to remain responsible for significant threat distribution for the foreseeable future. Sites like thepiratebay.se, while not necessarily illegal to visit, do continue to be common sources of unintended exposure to the Angler Exploit Kit and other threats that thrive on advertisement networks with poor security.

Angler Exploit Kit

Threat Metric

The Angler Exploit Kit: Catching New PCs Hook, Line and Sinker

Disentangling Your System from an Angler Exploit Kit's Payload

Leave a Reply