[Warning] Malicious files using CVE-2012-1535 exploit are booming.

1. Introduction

INCA Internet response team detected various malicious files which are using latest security hole on Adobe Flash Player in overseas web site. These malicious files have been found since August 13, 2012, and Adobe Systems released security patch for CVE-2012-1535 on August 14, 2012. Because attacker have created and spread malicious file such as normal MS Word DOC file, maintaining latest security update is the most important for being safe. Besides, there are a lot of Flash Player exploits in these days, therefore; we recommend users install latest official security update.

[Security bulletin]

Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-18.html

[Link for latest security patch]
 Adobe Flash Player 11.3.300.271
http://get.adobe.com/flashplayersions/

2. Exploit and status of malicious file

This vulnerability has been shown on Adobe Flash Player 11.3.300.270 or lower. This is spread with disguised as a MS Word file. INCA Internet response team has collected various variants and provided our AVS for treatment.

Malicious file is inserted on Word file as a SWF format which can download and install additional malicious file on certain web site.

In case of malicious "MedalTop10.doc", if infected, it shows following screen and accesses to certain web site. And then, it downloads compressed file and installs named help.gif(compressed file).

hxxp://(~~).mooo.com/docs/help.gif

GIF file is modified its header as image file, however; this is ZIP type file and protected by passwords. After removing modified 6 bytes, this program is as following. Decryptable password is "password123".

After decrypted, you can find it contains malicious test.exe.

Various variants have been found so far, and these files are spreading via social engineering technique. So, users are strongly recommended maintain latest security update.

To update Adobe Flash Player product is the best way to keep your PC safe from malicious files.

[Update latest version]
http://get.adobe.com/flashplayer/

3. How to prevent

To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.
nProtect Anti-Virus/Spyware v3.0 diagnoses and treats various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/