1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Angler Exploit Kit Website 21

Web Attack: Angler Exploit Kit Website 21

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to download exploits and payloads from Angler exploit kit that may compromise a computer through various vendor vulnerabilities.

Additional Information

Angler is an exploit kit that allows the remote attacker to perform various malicious actions on the compromised computer. Angler Exploit Kit commonly checks to see if the PC is having some AV software and has IE, Java or Flash vulnerable. If Angler Exploit Kit finds some AV software installed on computer it avoids dropping the exploit and payload.

This exploit kit is known for dropping cryptolocker, Powliks, bedep etc payload, if attack is successful.


  • Various Windows platform


No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube