MS Silverlight 5 flaw exposes 40M Netflix users to security risk

Pierluigi Paganini November 20, 2013

Users of Netflix, the provider of on-demand Internet streaming media, must beware of Silverlight exploit that could allow attackers to hack their systems.

A vulnerability in Microsoft Silverlight 5 exposes to the risk of cyber attacks nearly 40 million Netflix streamers, the flaw is being exploited to execute arbitrary code on victim’s systems without any user interaction. The risk is high and considering the wide audience of Netflix, during last weeks many popular web portals have been hacked including php.net , MacRumors and vBulletin with serious consequences for visitors, the websites in fact were used to serve malware and syphon members’personal information.
A few days ago Inj3ct0r Team of Exploit Database website 1337Day claimed the responsibility for the hack of the Macrumors official website based on vBulletin CMS, it announced to have exploited a Zero Day flaw for the attack.

Macrumors.com was based on vBulletin CMS. We use our 0day exploit vBulletin, got password moderator. 860000 user data hacked too. The network security is a myth
During the conversation, team leader told that he has discovered a Zero Day Remote Code Execution vulnerability in vBulletin v4.x.x and 5.х.x, that allows an attacker to execute arbitrary code on the server end remotely.
Netflix, Inc. is an American provider of on-demand Internet streaming media, a vulnerability in Silverlight could expose to hacking attacks those customers that watch Netflix via PC. Streaming functionality are implemented with Microsoft Silverlight application framework.
The attack scenario is very simple, a prompt asks Netflix members to download a plug-in:
“If you do not already have Microsoft Silverlight plug-in installed, you will be prompted to download and install the free plug-in for your web browser,”  “Just follow the instructions to get started.”

The attackers try to exploit a vulnerability (CVE-2013-0074) patched by Microsoft on March 12th, 2013, if the targeted machine is not up-to-date it is able to compromise the machine.

Malware.dontneedcoffee.com, aka Kafeine,  revealed that the Silverlight exploit has been integrated into the Angler exploit kit, so for the attacker it is just necessary to lure to an infected page the victim.

Kafeine reported that the Silverlight vulnerability is being used by the same cybercriminal gang behind the Reveton ransomware:

“Angler EK is definitely on the move. It’s not a huge surprise when we can speculate that the team behind is the same that was first using Cool EK (Paunch VIP customer) and is behind the Reveton threat.”

The Angler kit is a recent tool appeared in the underground as condequence of the arrest for the alleged creator of Blackhole exploit kit .

If a user is entice to an malicious page, the Angler exploit will determine if Silverlight is installed and what version is running. If the machine is a potential target, a specially crafted library is triggered to exploit the Silverligh vulnerability to serve a malware.

silverlight exploit in Angler Exploit Kit

“Those that already have and older version of Silverlight can still watch Netflix and may not be aware that their computers are at risk,” “We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now. Even if you don’t watch Netflix, you may have installed Silverlight in the past and forgotten about it. If you don’t need Silverlight (or other plugins), simply remove it altogether as that will help to reduce your surface of attack.” wrote Jerome Segura, researcher at Malwarebytes.

Fortunatelly Netflix users, and more in general any internet user with Silverlight are invited to keep up to date their systems, this is necessary to avoid other data breaches considering that other exploit kit authors will integrate soon the code to exploit the vulnerability in their products.

Users are alerted and there will be no excuse in case of accidents

Pierluigi Paganini

(Security Affairs – Netflix, hacking)



you might also like

leave a comment