The INCA Internet response team detected various malicious files on overseas web sites that exploit the latest security hole in Adobe Flash Player. These malicious files have been found since August 13, 2012, and Adobe Systems released a security patch for CVE-2012-1535 on August 14, 2012. Because attackers create and spread the malicious files disguised as normal MS Word DOC files, keeping security updates current is the most important step for staying safe. In addition, many Flash Player exploits are circulating these days, so we recommend that users install the latest official security update.
2. Exploit and status of malicious file
This vulnerability affects Adobe Flash Player 11.3.300.270 and lower. It is being spread disguised as an MS Word file. The INCA Internet response team has collected various variants and provides treatment for them through our AVS.
The malicious content is embedded in the Word file in SWF format, and it can download and install an additional malicious file from a certain web site.
In the case of the malicious "MedalTop10.doc", once the system is infected, the document shows the following screen and accesses a certain web site. It then downloads and installs a compressed file named help.gif.
The header of the GIF file has been modified to look like an image file; however, it is actually a password-protected ZIP file. After removing the 6 modified bytes, the file appears as follows. The password for decryption is "password123".
After decryption, you can see that it contains the malicious test.exe.
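A triage check for the disguise described above, as an added example that is not INCA Internet's code: it flags data that starts with a 6-byte GIF signature but parses as a ZIP archive, and reports password-protected members. The function names and the in-memory sample are constructed for illustration, and the check covers both a signature placed in front of the ZIP and one overwriting its first bytes, which the page does not distinguish.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")  # both GIF signatures are 6 bytes long


def triage_gif(data: bytes) -> dict:
    """Report whether GIF-headed data is really a ZIP archive."""
    report = {"gif_magic": data[:6] in GIF_MAGICS, "is_zip": False,
              "prefix_len": 0, "members": [], "encrypted": False}
    try:
        # zipfile finds the archive through the end-of-central-directory
        # record, so altered or extra leading bytes do not hide it.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return report
    report["is_zip"] = True
    report["members"] = [i.filename for i in infos]
    # General-purpose flag bit 0 marks a password-protected member.
    report["encrypted"] = any(i.flag_bits & 0x1 for i in infos)
    if infos:
        # Bytes in front of the first local file header are not ZIP data.
        report["prefix_len"] = min(i.header_offset for i in infos)
    return report


def is_suspicious(data: bytes) -> bool:
    r = triage_gif(data)
    return r["gif_magic"] and r["is_zip"]


def build_sample() -> bytes:
    """Constructed sample: GIF signature in front of a small ZIP."""
    info = zipfile.ZipInfo("sample.bin", date_time=(2012, 8, 14, 0, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed placeholder content")
    raw = bytearray(buf.getvalue())
    # Set flag bit 0 by hand in the local header (offset 6) and the central
    # directory entry (offset 8); the payload itself is not encrypted.
    cd = raw.find(b"PK\x01\x02")
    for pos in (6, cd + 8):
        struct.pack_into("<H", raw, pos, struct.unpack_from("<H", raw, pos)[0] | 1)
    return b"GIF89a" + bytes(raw)


if __name__ == "__main__":
    print(triage_gif(build_sample()))
```

A download that reports `gif_magic` and `is_zip` together, especially with `encrypted` set, is worth quarantining, since a password-protected archive hides its contents from gateway scanning.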
Various variants have been found so far, and these files are spreading via social engineering techniques. Users are therefore strongly advised to keep their security updates current.
Updating Adobe Flash Player is the best way to keep your PC safe from these malicious files.
3. How to prevent
To use your PC safely despite the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats the various variant files.
Free installation link of nProtect AVS : http://avs.nprotect.com/