An archived article on The Guardian website that investigates cybercrime is providing more than information: it is delivering malware via the Angler Exploit Kit, a web-based attack tool, according to a Thursday blog post from FireEye Labs.
When a syndication link is loaded in the background, injected HTML crafts a request that eventually redirects readers to Angler's landing page, the post stated.
The researchers claim an OLE Automation vulnerability is exploited via VBScript. They also detected evidence of Flash exploitation.
The Angler Exploit Kit typically then scans for browsers with outdated versions of Flash Player, Adobe Reader, Java or Microsoft Silverlight and tries to exploit known vulnerabilities in those plug-ins to install its payload.
This particular attack, like other Angler Exploit Kit attacks, is capable of detecting anti-virus defenses and then altering its behavior, the FireEye researchers state.