A recently discovered malicious HWP document is disguised as an official document, putting users who open it at risk.
This post describes the malicious file and the related security patch from Hancom Inc.
[Advisory: security update for HWP stack buffer overflow vulnerability]
* KISA BOHONARA
http://www.boho.or.kr/dataroom/data_05_dtl.jsp?u_id=217&page=1&TempNum=216
* Outline
A stack buffer overflow was found in 'HWP', a popular Korean word processor.
An attacker can use the vulnerability to terminate the affected software or to execute malicious code.
Users of earlier versions can easily be infected by malicious code and are recommended to update to the newest version.
* Systems
Affected software
- HWP 2004 earlier than 6.0.5.770
- HWP 2005 earlier than 6.7.10.1067
- HWP 2007 earlier than 4.5.12.623
- HWP 2010 SE earlier than 8.5.6.1131
* How to prevent
For users of earlier versions
- Visit the official web site and download the update, or use auto update
- http://www.hancom.co.kr/downLoad.downPU.do?mcd=001
- Auto update: Start → Programs → Hancom → Hancom auto update
* Hancom Inc.
http://www.hancom.co.kr/downLoad.downPU.do?mcd=001
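The "earlier than" thresholds in the advisory can be applied to a software inventory. The following is an added example, not part of the original advisory or any Hancom tool; the inventory rows and host names are constructed, and the product labels are assumed to match the advisory's wording.

```python
# Fixed-build thresholds copied from the "Affected software" list above.
FIXED = {
    "HWP 2004": (6, 0, 5, 770),
    "HWP 2005": (6, 7, 10, 1067),
    "HWP 2007": (4, 5, 12, 623),
    "HWP 2010 SE": (8, 5, 6, 1131),
}

def parse_version(text):
    """Turn '6.7.10.1067' into (6, 7, 10, 1067); reject anything malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when the installed build is earlier than the fixed build."""
    if product not in FIXED:
        raise KeyError(f"product not covered by this advisory: {product}")
    # Tuple comparison is numeric per field, so 6.7.9.x sorts before 6.7.10.x.
    return parse_version(version) < FIXED[product]

def audit(inventory):
    """Return [(host, product, version, status)] for (host, product, version) rows."""
    report = []
    for host, product, version in inventory:
        try:
            status = "UPDATE" if is_affected(product, version) else "ok"
        except (KeyError, ValueError) as exc:
            # Unknown products or odd version strings are never treated as safe.
            status = f"check manually: {exc}"
        report.append((host, product, version, status))
    return report

# Constructed inventory rows (host names and installed builds are made up).
SAMPLE = [
    ("pc-01", "HWP 2007", "4.5.12.622"),
    ("pc-02", "HWP 2007", "4.5.12.623"),
    ("pc-03", "HWP 2005", "6.7.9.2000"),
    ("pc-04", "HWP 2010 SE", "8.5.6.1131"),
    ("pc-05", "HWP 2002", "5.7.9.3047"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```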
2. Spreading path and symptoms of infection
This kind of malicious file can infect a victim's system mainly through attachments to suspicious e-mails or through certain web sites. In addition, because the document masquerades as an official document, general users can easily be led to download and execute it.
[File information]
[HWP2007]
- (Application Program)\Hwp70\Hwpeq9x.dll (57,344 bytes)
- (Windows\Systems)\mvcert.dll (32,768 bytes)
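The two file names and sizes listed above can be used for a quick triage of a host or a mounted disk image. This is an added example, not INCA Internet's own tooling; the page does not give full paths, so the caller supplies the HWP 2007 "Hwp70" folder and the Windows system folder, and the demo tree is constructed.

```python
import os
import tempfile

# (file name, size in bytes) from the [File information] list above.
HWP_DIR_INDICATOR = ("Hwpeq9x.dll", 57344)     # reported under the HWP 2007 "Hwp70" folder
SYSTEM_DIR_INDICATOR = ("mvcert.dll", 32768)   # reported under the Windows system folder

def find_ci(directory, name):
    """Case-insensitive file lookup, so a disk image mounted on Linux works too."""
    try:
        with os.scandir(directory) as entries:
            for entry in entries:
                if entry.is_file() and entry.name.lower() == name.lower():
                    return entry.path
    except OSError:
        pass  # directory missing or unreadable: report the file as absent
    return None

def triage(hwp_dir, system_dir):
    """Return [(file name, state)]; state is 'match', 'size-differs' or 'absent'."""
    findings = []
    for directory, (name, size) in ((hwp_dir, HWP_DIR_INDICATOR),
                                    (system_dir, SYSTEM_DIR_INDICATOR)):
        path = find_ci(directory, name)
        if path is None:
            state = "absent"
        elif os.path.getsize(path) == size:
            state = "match"          # name and size both agree with the report
        else:
            state = "size-differs"   # same name, different file: inspect separately
        findings.append((name, state))
    return findings

def demo():
    """Run triage over a constructed directory tree (not a real infection)."""
    with tempfile.TemporaryDirectory() as root:
        hwp, system = os.path.join(root, "Hwp70"), os.path.join(root, "system32")
        os.makedirs(hwp)
        os.makedirs(system)
        with open(os.path.join(hwp, "HWPEQ9X.DLL"), "wb") as fh:
            fh.write(b"\0" * 57344)
        return triage(hwp, system)

if __name__ == "__main__":
    print(demo())
```

A name-and-size match is a lead to confirm with an anti-virus scan, not a verdict on its own.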
[Registry information]
3. How to prevent
To keep your PC safe from security threats such as these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.
Security management tips
1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.
INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal of malicious files such as those described above through “nProtect Anti-Virus/Spyware”, and operates a response system against various security threats.
Diagnosis name
- Trojan-Exploit/W32.Hwp-Exploit.322296
- Trojan-Exploit/W32.Hwp_Exploit.439312
- Trojan/W32.Agent.193736
- Trojan/W32.Agent.32768.BWC
- Trojan/W32.Agent.57344.COQ
- Trojan/W32.Agent.65536.CBK