When emails leaked from surveillance tools vendor Hacking Team hinted at a critical vulnerability in Microsoft’s Silverlight multimedia player, researchers at security firm Kaspersky Lab wondered if they would be able to find a way to catch an attacker exploiting the flaw.
Turns out they could.
On Jan. 12, Microsoft patched a critical vulnerability in its Silverlight player that Kaspersky was able to pinpoint after it caught an attacker using an exploit. The attack code is thought to be the same exploit that a 30-something Russian bug finder, Vitaliy Toropov, attempted to sell to Hacking Team, as revealed by leaked emails.
“He had sold multiple vulnerabilities to Hacking Team in the past,” Brian Bartholomew, a senior security researcher at Kaspersky Lab, told eWEEK. “We thought it likely that if Hacking Team didn’t buy it, he may have sold it to someone else.”
“After implementing the detection, we waited, hoping that an APT [advanced persistent threat] group would use it,” the Kaspersky researchers stated in an online writeup of their experiment. “Since Vitaliy Toropov was offering it to Hacking Team, we also assumed that he sold it to other buyers, and what good is a zero-day if you don’t use it?”
To detect the attack, Kaspersky uploaded its pattern rule to the antivirus software used by millions of customers, essentially turning its user base into a giant neighborhood watch program. When an attack happened, the software blocked the exploit and delivered details of the attack to Kaspersky.
“The software protects them from the attack, but at the same time, there is some valuable intelligence and information on the attack itself, so we do pull back very limited metadata from the attacks,” Bartholomew said.
Security firm Qualys had rated the Silverlight vulnerability as a less-interesting part of Microsoft’s regular Patch Tuesday update, but following Kaspersky’s report on the bug and evidence that the attack is being used in the wild, the company raised its rating of the vulnerability.
The big question for Kaspersky is whether Toropov wrote and sold the exploit.
“Several things make us think it’s one of his exploits, such as the custom error strings,” the company’s researchers stated in their online analysis. “Of course, there is no way to be sure and there might be several Silverlight exploits out there. One thing is for sure though—the world is a bit safer with the discovery and patching of this one.”
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…