Based on this article, it appears that the exploit is something that takes advantage of IE / Flash / Silverlight. Does this mean if you run Firefox with Flash disabled and no Silverlight, you have nothing to worry about? In any case, if you had accessed the site recently, then it is probably prudent to check just in case, but still, I'm curious if anyone who knows more about the Angler Exploit Kit can explain.
JavaScript off will also quite effectively prevent this exploit (and many others), even in IE.
(I've been slowly converting people to use JS whitelists, with mixed results. Several times I've accidentally linked someone to an infected site, which had no effect on my system.)
It's ftp, not http. You cannot serve scripts over ftp, so unless there is a completely separate exploit for ftp clients out there it should remain unaffected. Note that most browsers include an ftp client which is why you are able to browse it.
It's possible the binaries you download may have been modified, but I assume digital signatures are available.
The signatures are available but they are distributed through the same channel as the binaries. If the one was modified it stands to reason that the other has been too.
That only works for hashes. Signatures are produced by a private key which will not be available anywhere, so they can be verified by the public key which is already known.
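The hash-versus-signature exchange in the comments above, worked through as an added example (not posted by any commenter and not code from the affected site). It assumes Ed25519 and SHA-256 as stand-ins, since the thread does not say which schemes the downloads use; `Mirror`, `Publish`, `Tamper`, `CheckSum`, `CheckSig` and `Demo` are hypothetical names, and all file contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Mirror is everything one download channel serves (constructed sample data).
type Mirror struct {
	Binary, Sum, Sig []byte
	Key              ed25519.PublicKey // key file hosted next to the binary
}

// Publish builds an upload: binary, SHA-256 checksum, detached signature, key.
func Publish(pub ed25519.PublicKey, priv ed25519.PrivateKey, bin []byte) Mirror {
	sum := sha256.Sum256(bin)
	return Mirror{bin, sum[:], ed25519.Sign(priv, bin), pub}
}

// Tamper models write access to the mirror without the project's private
// key: every served file is replaced, and the signature comes from a new key.
func Tamper(bin []byte) Mirror {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return Publish(pub, priv, bin)
}

// CheckSum trusts the checksum file served by the mirror itself.
func CheckSum(m Mirror) bool {
	sum := sha256.Sum256(m.Binary)
	return bytes.Equal(sum[:], m.Sum)
}

// CheckSig verifies the detached signature under the given public key.
func CheckSig(key ed25519.PublicKey, m Mirror) bool {
	return ed25519.Verify(key, m.Binary, m.Sig)
}

// Demo returns, in order: genuine checksum, genuine pinned-key signature,
// tampered checksum, tampered pinned-key signature, tampered mirror-key signature.
func Demo() [5]bool {
	pinned, priv, _ := ed25519.GenerateKey(nil) // key the user already holds
	good := Publish(pinned, priv, []byte("release-1.0 (constructed)"))
	bad := Tamper([]byte("release-1.0 modified (constructed)"))
	return [5]bool{CheckSum(good), CheckSig(pinned, good),
		CheckSum(bad), CheckSig(pinned, bad), CheckSig(bad.Key, bad)}
}

func main() { fmt.Println(Demo()) } // [true true true false true]
```

Only the check against the key the user already held rejects the tampered download; a key fetched from the same mirror verifies just as happily as the recomputed checksum does.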
Great idea to link to a potentially infected site. "Please scan any machine that has accessed this site recently for malware." OK, thanks, now I have to scan for malware.
WordPress is a large and soft target, security-wise, and the malware targeting it has become fairly sophisticated. Note both "large" and "soft" are important, which is why I said both.
If you are implying that you're going to try to claim that WordPress is not a large and soft target, all I can do is really strongly recommend against dashing yourself against those rocks voluntarily. If you'd like some light evening reading, you can try browsing through: http://osvdb.org/search?search[vuln_title]=wordpress&search[...
And my filtering isn't that thorough; a number of results are still in plugins or themes.
My point is that the majority of WordPress problems are not actually WordPress problems but problems with the enormous set of third-party content produced for it. WordPress's security engineering is generally pretty good now, but the plugins are very much a mixed bag.
> uninstall adobe flash and silverlight and never use IE.
Alternatively turn on ActiveX Filtering [1] in IE, whitelist [2] any websites that you need to run ActiveX controls on, make sure your plug-ins are up-to-date and install IE11 if you haven't already.
According to the Cyphort article linked above:
> Cyphort Labs researchers are still in the process of analyzing the Silverlight and flash exploits which exploit a known IE vulnerability (CVE-2013-2551). Angler EK is known to perform file-less injection (memory-based malware where nothing is written to disk).
As you can tell from the CVE number, the exploit used by Angler EK is quite old and doesn't affect IE11 [3] or older versions of the browser that have installed the KB2829530 hotfix [4].
> Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Take a look at Mozilla's Shumway [0], an engine to convert Flash to HTML5, so that you need not use Flash Player anymore. This should mitigate most (if not all) of Flash's vulnerabilities. Be aware it is undergoing active development and is not fully stable yet.
I searched a few of the *-announce lists and didn't find anything obvious. Is there a discussion somewhere that I'm missing?