
4/13/2012

[Caution] Malicious file about Agni-V, an intercontinental ballistic missile from India


1. Information


The INCA Internet response team has detected a malicious file themed on Agni-V, an intercontinental ballistic missile developed by the Defense Research and Development Organization (DRDO) of India.
In particular, its file name is crafted to look as if the document was sent by DRDO, which points to a targeted (APT-style) attack rather than mass-mailed malware.
According to the DRDO chief, the exact range of Agni-V is "classified", although he later described it as a missile with a range of 5,500-5,800 km.



Agni means "god of fire" and is the name given to India's family of ballistic missiles.


[Caution] Malicious file about North Korea's nuclear test
http://en-erteam.nprotect.com/2012/04/caution-malicious-file-about-north.html

[Warning] APT malicious files for Geographical Survey Institute of Ministry of Land, Infrastructure, Transport and Tourism
http://en-erteam.nprotect.com/2012/03/warning-apt-malicious-file-for.html

[Caution] APT attack about 53rd anniversary of Tibetan Uprising day on March 10
http://en-erteam.nprotect.com/2012/03/caution-apt-attack-about-53rd.html

2. Details

The malicious file is disguised as a DOC file and exploits CVE-2010-3333, the stack buffer overflow in Microsoft Office's handling of the RTF pFragments shape property (patched in MS10-087). Because the vulnerable code is the RTF parser, such files are RTF text internally even though they carry a .doc extension; Word opens them as RTF regardless of the extension.

The file is named "First test of nuclear missile Agni-V in a fortnight DRDO chief.doc", leading the recipient to believe it was sent by DRDO (Defense Research and Development Organization).
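The check a practitioner would run on such an attachment, added here as an example and not code from the original post: a small Python triage function that compares the file extension with the real file format (CVE-2010-3333 exploit documents are RTF text even when named .doc) and looks for the pFragments shape property the exploit abuses together with an unusually long \sv value. The sample inputs are constructed here and are not the real malicious file; the \sv length threshold is an assumed heuristic, not a published signature.

```python
import os
import re

# Magic bytes: a genuine binary .doc is an OLE2 compound document; RTF is text.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
RTF_MAGIC = b"{\\rtf"

# The CVE-2010-3333 bug is in the parser for the pFragments shape property,
# so public exploit RTFs carry {\sn pFragments}{\sv ...} with a long \sv value.
PFRAGMENTS_RE = re.compile(rb"\\sn\s*pFragments", re.IGNORECASE)
SV_VALUE_RE = re.compile(rb"\\sv\s*([^}]*)")
SV_MAX_LEN = 256  # assumed heuristic threshold, not a published signature


def triage_doc(filename, data):
    """Return a list of human-readable findings for an attachment.

    filename: name as received (used only for its extension)
    data:     raw file bytes
    """
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    is_ole = data.startswith(OLE_MAGIC)
    is_rtf = data.lstrip().startswith(RTF_MAGIC)

    if ext == ".doc":
        if is_rtf:
            findings.append("extension/format mismatch: .doc name but RTF content")
        elif not is_ole:
            findings.append("extension/format mismatch: .doc name but not an OLE2 document")

    if is_rtf:
        if PFRAGMENTS_RE.search(data):
            findings.append("pFragments shape property present (CVE-2010-3333 exploit pattern)")
        for m in SV_VALUE_RE.finditer(data):
            if len(m.group(1)) > SV_MAX_LEN:
                findings.append("oversized \\sv value (%d bytes)" % len(m.group(1)))
                break
    return findings


# Constructed samples for demonstration; none of these is the real attachment.
BENIGN_DOC = OLE_MAGIC + b"\x00" * 64
BENIGN_RTF = b"{\\rtf1\\ansi Hello from a harmless document}"
SUSPECT_RTF = (
    b"{\\rtf1\\ansi{\\shp{\\sp{\\sn pFragments}{\\sv 1;1;"
    + b"41" * 600  # stand-in for the hex blob an exploit would carry
    + b"}}}}"
)

if __name__ == "__main__":
    samples = [
        ("report.doc", BENIGN_DOC),
        ("notes.rtf", BENIGN_RTF),
        ("First test of nuclear missile Agni-V in a fortnight DRDO chief.doc", SUSPECT_RTF),
    ]
    for name, blob in samples:
        print(name, "->", triage_doc(name, blob) or ["clean"])
```

The extension/format mismatch alone is worth alerting on at a mail gateway: legitimate senders rarely name an RTF document .doc, and the check costs nothing compared with full exploit signatures.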


On a system that lacks the relevant security update (MS10-087 for CVE-2010-3333), opening the file displays the decoy page below in MS Word while the malicious payload is installed in the background.

 

When the exploit succeeds, msb.exe is created in the user's Temp folder and executed. A copy named svchost.exe is then placed in the user's Application Data folder and the original msb.exe is deleted. Note that the legitimate svchost.exe lives in the Windows system directory (System32); a file of that name under a user profile folder is a strong indicator of compromise.

C:\Documents and Settings\[User account name]\Application Data
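A host-side check for the dropper artifacts described above, added here as an example and not taken from the original post: it walks a list of file paths and flags svchost.exe anywhere outside the Windows system directories and msb.exe inside a Temp folder. The listing below is constructed, not real forensic data; the profile layout is the XP-era one from the post (on Vista and later the equivalent folder is C:\Users\<user>\AppData\Roaming), the system drive is assumed to be C:, and treating WinSxS copies of svchost.exe as legitimate is an assumption.

```python
import ntpath

# Directories where a legitimate svchost.exe is expected (lower-cased, no
# trailing separator). Assumption: the system drive is C:.
LEGIT_SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Component-store copies also exist; treating them as legitimate is an assumption.
WINSXS_PREFIX = "c:\\windows\\winsxs\\"


def classify_path(path):
    """Return a reason string if `path` matches a dropper artifact, else None."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    if name == "svchost.exe":
        if directory in LEGIT_SVCHOST_DIRS or directory.startswith(WINSXS_PREFIX):
            return None
        return "svchost.exe outside the Windows system directories"
    if name == "msb.exe" and "\\temp" in directory:
        return "msb.exe dropper in a Temp folder"
    return None


def scan_listing(paths):
    """Apply classify_path to every path and return the (path, reason) hits."""
    hits = []
    for p in paths:
        reason = classify_path(p)
        if reason:
            hits.append((p, reason))
    return hits


# Constructed file listing (not real forensic data), XP-era profile layout.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Documents and Settings\alice\Application Data\svchost.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\msb.exe",
    r"C:\Documents and Settings\alice\My Documents\report.doc",
]

if __name__ == "__main__":
    for path, reason in scan_listing(SAMPLE_LISTING):
        print("%-70s %s" % (path, reason))
```

In a live investigation the same logic can be fed the output of a recursive directory listing or a process list; the point is that the name svchost.exe is only meaningful together with its directory, which is why the check normalises the path before comparing.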


Once running, the dropped file connects to a specific host in the U.S. and waits for additional commands from the attacker.


Connection to a server located in the U.S.


3. Summary

To stay safe from APT attacks and other cyber threats, organizations need security awareness training, management and monitoring, together with continuous maintenance and a long-term security strategy. To protect your PC from the threats posed by malicious attachments such as this one, we recommend installing the latest security updates and following the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications updated with the latest security patches.
2. Use anti-virus software from a trusted vendor, keep its engine up to date and leave real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received via instant messengers and social networks (SNS).

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.
