by Omri Herscovici & Liran Englender
From our company’s blog (Check Point Software Technologies):
In recent years, exploit kits have become one of the most common platforms for malware distribution.
One of the exploits delivered by the Infinity exploit kit targets a security vulnerability in Microsoft Silverlight.
Compared to other technologies such as Java, PDF, and Flash, Silverlight exploits are less common. For a rough sense of scale, according to cvedetails.com, from 2010 to 2014, 15 vulnerabilities were reported for Microsoft Silverlight, while Adobe Acrobat Reader had 268 vulnerabilities, Adobe Flash Player had 321, Microsoft Internet Explorer had 392, and Java had at least 358. However, Microsoft Silverlight exploits, specifically CVE-2013-0074, are still delivered in active and well-known exploit kits.
The blog post, including the analysis PDF, is available here:
http://www.checkpoint.com/blog/technical-look-infinity-ek-silverlight-exploit-shellcode/index.html
Analysis PDF:
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
Infinity EK Payload Decrypter Script: