Skip to main content

Browser Malware Now Bypasses Microsoft's Best Defenses

You may have read in the past year or two about the Angler browser exploit kit, one of several malware bundles used by online criminals to methodically penetrate your web browser and your (usually Windows) PC.

Credit: Kichigin/Shutterstock

(Image credit: Kichigin/Shutterstock)

It now seems that Angler has been supercharged with the ability to get past two of Microsoft's strongest defenses: the Enhanced Mitigation Experience Toolkit (EMET) and data execution prevention (DEP), both of which are routinely enabled by skilled users and IT departments to beef up Windows security.

This news comes from Amit Malik and Raghav Pande, researchers at the California-based security firm FireEye. Malik and Pande note that this is the first time they've witnessed Angler avoiding EMET, making the exploit kit "one of the more sophisticated ... in use at this time."

So far, FireEye researchers have observed this bypass only in Windows 7 machines with the Microsoft Silverlight or Adobe Flash Player browser plugin activated. We've asked FireEye about whether Windows 8.1 or Windows 10 users need to worry, and will update this story when we receive a response.

MORE: Best Antivirus Protection for PC, Mac and Android

"This zero-day exploit and EMET bypass turns Windows 7 users, still 49 percent of Windows users, into defenseless targets for the next ransomware wave," said Michael Gorelik, vice president of research and development at Israeli security firm Morphisec. "The Angler Exploit Kit is already the preferred weapon of hackers to deliver their malware, and we predict that with this vulnerability, the prominence of Angler will further increase."

Exploit kits are secretly embedded in malicious or hijacked web pages and online ads. Each kit attacks visiting web browsers, quickly assessing the make and version, installed plugins and underlying platform of each browser, then fine-tuning the malware it launches at the browser.

The first thing to get through is usually a "dropper" that exploits known weaknesses in browsers or browser plugins. Once the dropper is installed, the exploit kit is free to load all sorts of malware — including ransomware, banking Trojans and other digital nasties — onto your system.

So how can you stay safe? Because Angler and other exploits kits often attack through Adobe Flash Player and Microsoft Silverlight, you can disable those plugins or set them to click-to-play to gain full control.

Windows 8.1 and, especially, Windows 10 offer much better security overall than Windows 7, but until we hear that those platforms are definitely safe from this new attack, it's best to not assume that upgrading to a newer version of Windows can fix the problem.

  • Robert Miles
    Which browser or browsers? Only those from Microsoft?
  • Paul Wagenseil
    All browsers running on Windows could be affected. The best defense is to disable the Adobe Flash Player and Microsoft Silverlight plugins. If you need them (for example, to watch Netflix), you can make them click-to-run so that malicious ads don't automatically play when you open a webpage.