Netflix Members at Risk from Silverlight Exploit

A vulnerability in Microsoft Silverlight 5 is being exploited to execute arbitrary code on affected systems without any user interaction

If users want to watch Netflix via PC, they will need to use Silverlight, which is Microsoft’s rich media player and framework. A simple prompt asks Netflix members to download a plug-in: “If you do not already have Microsoft Silverlight plug-in installed, you will be prompted to download and install the free plug-in for your web browser,” Netflix says in a pop-up. “Just follow the instructions to get started.”

Microsoft patched the flaw (CVE-2013-0074) on March 12, 2013, but not all consumers have installed the update. Now a Silverlight exploit has been integrated into the Angler exploit kit, as discovered by Kafeine. If a user running Silverlight (i.e., any Netflix member) is lured to an infected page, Angler will determine whether Silverlight is installed and which version is running. If the machine is determined to be a target, a specially crafted library is triggered to exploit the Silverlight vulnerability, opening the door for malware.

The Angler kit appeared last month, very shortly after the creator of the popular Blackhole exploit kit (codename “Paunch”) was arrested in Russia. The kit, with the Silverlight vulnerability, is being used by the same cybercriminal gang behind the Reveton ransomware, according to Kafeine. That group had been using the Blackhole-derived Cool Exploit kit before the arrest.

“Those that already have an older version of Silverlight can still watch Netflix and may not be aware that their computers are at risk,” said Jerome Segura, researcher at Malwarebytes, in a blog. “We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now. Even if you don’t watch Netflix, you may have installed Silverlight in the past and forgotten about it. If you don’t need Silverlight (or other plugins), simply remove it altogether as that will help to reduce your surface of attack.”
