Once again, that's fast. Nine days (or less?) after the patch, the vulnerability is being exploited in blind mass attacks. No doubt about it: the team behind Angler is really good at what it does.
Angler EK :
Thanks to Kaspersky for CVE identification.
CVE-2014-8440 successfully exploited by Angler EK 2014-11-20
The sample is: 8181b7da3a53a7a6c1d23f852e85c446
Two Fiddler captures (Firefox and IE) pushed to VT: Fiddler_Angler_CVE-2014-8440_Password_is_malware.zip
[Edit : 2014-11-26]
This CVE, which was used only in a specific (VIP?) Angler instance, has been propagated to all Angler EK threads with 02d48a05c15f55a085be296ed12a5ed7 this afternoon.