The attackers try to exploit a vulnerability (CVE-2013-0074) patched by Microsoft on March 12th, 2013, if the targeted machine is not up-to-date it is able to compromise the machine.

Malware.dontneedcoffee.com, aka Kafeine,  revealed that the Silverlight exploit has been integrated into the Angler exploit kit, so for the attacker it is just necessary to lure to an infected page the victim.

Kafeine reported that the Silverlight vulnerability is being used by the same cybercriminal gang behind the Reveton ransomware:

“Angler EK is definitely on the move. It’s not a huge surprise when we can speculate that the team behind is the same that was first using Cool EK (Paunch VIP customer) and is behind the Reveton threat.”

The Angler kit is a recent tool appeared in the underground as condequence of the arrest for the alleged creator of Blackhole exploit kit .

If a user is entice to an malicious page, the Angler exploit will determine if Silverlight is installed and what version is running. If the machine is a potential target, a specially crafted library is triggered to exploit the Silverligh vulnerability to serve a malware.

“Those that already have and older version of Silverlight can still watch Netflix and may not be aware that their computers are at risk,” “We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now. Even if you don’t watch Netflix, you may have installed Silverlight in the past and forgotten about it. If you don’t need Silverlight (or other plugins), simply remove it altogether as that will help to reduce your surface of attack.” wrote Jerome Segura, researcher at Malwarebytes.

Fortunatelly Netflix users, and more in general any internet user with Silverlight are invited to keep up to date their systems, this is necessary to avoid other data breaches considering that other exploit kit authors will integrate soon the code to exploit the vulnerability in their products.