12345

4/19/2011

[Warning] Malicious file using vulnerability of web browser

1. Introduction

Recently, a malicious file using vulnerabilities of certain web browser has been found.
Since this malicious file can work on clicking URL link included in instant messenger, general user needs to be careful about being infected malicious file from those malicious file.


2. Spreading path and symptoms of infection

As we mentioned above, this malicious file will infect user's PC on clicking URL link with using vulnerability on web browser such as Internet Explorer.

Message, being spread so far, contains uncertain URL as following.


Additional malicious file will be download and being installed with that malicious Script code on accessing URL. This infection is caused by vulnerabilities such as "CVE-2010-0806, MS10-018".



After checking PC's status, if it found vulnerability, it will try to access "1.html" through included malicious code, and download normal image file to induce user against malicious file's infection.
Download figure is as following.



When we open "1.html", it had been encoded as following.
We decoded it to be seen easily.



Decoded "1.html" contains URL address to download executable .EXE file in its inside.



Downloaded "adjku.exe" contains "Fake Digital Signature" and "Version Information" to be seen as a normal file.



When the downloading "adjku.exe" is complete, it will create malicious file on following path.

[Generated file]

C:\WINDOWS\FXSST.dll (33,340 bytes)
C:\WINDOWS\system32\m_user.dll (80 bytes)
C:\WINDOWS\system32\V3lght.dll (15,360 bytes)
C:\Documents and Settings\(User account folder)\Local Settings\Application Data\f.exe (64,376 bytes)



* Control flow of malicious file infection and works



3. How to prevent

In this case of spreading technique, infection can appear without applying latest patch, so user must apply patches including MS Windows secure patch and each application's latest patch.

To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function and runs responding system against various security threats.

2 comments:

  1. As for me, this information will be useful for students. It will help you at least with cheating in exams

    ReplyDelete
  2. Thank a lot for sharing this. I want to share something about narrative essays. A narrative essay is an essay in which story of a person’s life is described. It is a big chance for you to learn and research many exciting facts about the person. It is a great chance for the reader also to know about someone worthy. In this type of essay, you write about the character and life of someone who truly lived. Many students have no idea on writing narrative essays, since they have a little knowledge about it. Find best essay writing service here.
    Because you are writing about someone’s life, obviously you need to say the story of that person. One will be having a lot of people and experiences which may have changed their life. You should include these that made a breakthrough in that person’s life. You have to be detailed enough so that the reader should have the feeling of watching a movie about the person. That means like they are watching the actual events. You have to make sure before choosing the person that he should have a story worth telling. After reviewing what you know, focus on the areas of the person’s life which you would like to go deeply on. Then, make some questions which can design your research.
    It will be easy for your enquiries if the person you choose is pretty famous. As you have to do the research, he has to be well known enough so that you can obtain articles and books about them easily. Best way is to find a person who you admire or you are interested in. The excitement of your research will be doubled if so. Another thing to remember is to follow a chronological order. The essay should be in chronological order as life moves so. You can avoid this order in introduction and conclusion.

    ReplyDelete