Drive-by attacks that install the once-feared TeslaCrypt crypto ransomware are now able to bypass EMET, a Microsoft-provided tool designed to block entire classes of Windows-based exploits.
The EMET-evading attacks are included in Angler, a toolkit for sale online that provides ready-to-use exploits that can be stitched into compromised websites. Short for Enhanced Mitigation Experience Toolkit, EMET has come to be regarded as one of the most effective ways of hardening Windows-based computers from attacks that exploit security vulnerabilities in both the operating system or installed applications. According to a blog post published Monday by researchers from security firm FireEye, the new Angler attacks are significant because they’re the first exploits found in the wild that successfully pierce the mitigations.
“The level of sophistication in exploit kits has increased significantly throughout the years,” FireEye researchers wrote. “Where obfuscation and new zero days were once the only additions in the development cycle, evasive code has now been observed being embedded into the framework and shellcode.”
The newly observed exploits wield code based on the Adobe Flash and Microsoft Silverlight browser plugins that bypass data execution prevention, a protection that prevents computers from running data loaded into memory. DEP has proven to be extremely…