It spreads by e-mail carrying malicious Excel files that were built to exploit a vulnerability in Adobe Flash Player. When users open those attachments without anti-virus software, they can be infected by the malicious files.
This kind of attack is very stealthy, and avoiding infection requires close attention to security.
Many document files currently exploit the CVE-2012-0754 vulnerability; therefore, users need to be careful when opening attachments. The following is a list of document files that use the same vulnerability.
2. Spreading path and symptoms of infection
The malicious e-mail was sent to specific Japanese officials with a malicious xls file, "地域デザイン学会の名簿.xls", attached. The sender is introduced as a student in the department of economics at Tokai Univ., and the attached file appears to be a list belonging to a regional design society.
The translation is as follows.
When a user whose MS Office is vulnerable opens the malicious attachment, 地域デザイン学会の名簿.xls, the following Flash-like image is shown.
At the same time, the malicious file accesses a certain web site, then downloads and executes syoukai.mp4, which exploits the CVE-2012-0754 vulnerability. Then a malicious file, Bladex_reg.exe, is created in the Temp folder and executed.
After that, plugin_containor.exe is created with the hidden attribute and executed.
Path : C:\Documents and Settings\(User name)\Application Data\Microsoft
Name : plugin_containor.exe
3. How to prevent
This malicious file is used in an APT (Advanced Persistent Threat) attack.
This security hole can be closed by installing the latest Adobe Flash Player.
To keep your PC safe from the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.