
9/04/2012

[Warning] Malicious files using CVE-2012-1535 exploit are booming.

1. Introduction

The INCA Internet response team detected various malicious files on overseas web sites that exploit the latest security hole in Adobe Flash Player. These malicious files have been found since August 13, 2012, and Adobe Systems released a security patch for CVE-2012-1535 on August 14, 2012. Because attackers have created and spread malicious files disguised as normal MS Word DOC files, keeping the latest security update installed is the most important step for staying safe. In addition, there are many Flash Player exploits these days; therefore, we recommend that users install the latest official security update.



[Security bulletin]
Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-18.html

[Link for latest security patch]
 Adobe Flash Player 11.3.300.271
http://get.adobe.com/flashplayersions/

2. Exploit and status of malicious file

This vulnerability affects Adobe Flash Player 11.3.300.270 or lower. The exploit is spread disguised as an MS Word file. The INCA Internet response team has collected various variants and made treatment available through our AVS.



The malicious file is embedded in the Word file in SWF format, and it can download and install an additional malicious file from a certain web site.


In the case of the malicious "MedalTop10.doc", once the system is infected, it shows the following screen and accesses a certain web site. It then downloads and installs a compressed file named help.gif.


hxxp://(~~).mooo.com/docs/help.gif


The GIF file has a header modified to look like an image file; however, it is a ZIP file protected by a password. After removing the 6 modified bytes, the file looks as follows. The decryption password is "password123".


After decryption, you can see that it contains the malicious test.exe.
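
A triage check for the disguise described above, as an added example that is not code from INCA Internet: it flags a download whose first 6 bytes are a GIF signature but whose remaining bytes begin with a ZIP local file header, and reports the first member name and the encryption flag. The function names and the sample built by `build_sample` are constructed for illustration; the sample holds harmless placeholder bytes and only its header flag is set, the content is not really encrypted.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")            # both signatures are 6 bytes long
ZIP_LOCAL_MAGIC = b"PK\x03\x04"
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # 30-byte ZIP local file header


def inspect_fake_gif(data: bytes):
    """Return triage facts if data is a ZIP behind a 6-byte GIF signature, else None."""
    if not data.startswith(GIF_MAGICS):
        return None
    body = data[6:]                            # drop the 6 prepended bytes
    if len(body) < LOCAL_HEADER.size or not body.startswith(ZIP_LOCAL_MAGIC):
        return None                            # a real GIF, or some other format
    fields = LOCAL_HEADER.unpack_from(body)
    flags, method, name_len = fields[2], fields[3], fields[9]
    start = LOCAL_HEADER.size
    name = body[start:start + name_len].decode("cp437", "replace")
    return {
        "first_member": name,
        "encrypted": bool(flags & 0x1),        # general-purpose flag bit 0
        "method": method,                      # 8 = deflate
        "zip_offset": 6,
    }


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a small ZIP with a GIF89a signature prepended."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("test.exe", b"harmless placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                         # flag field sits at offset 6 of the header
    return b"GIF89a" + bytes(raw)


if __name__ == "__main__":
    print(inspect_fake_gif(build_sample(encrypted=True)))
```

The same check can be run over files carved from proxy or mail-gateway captures; a hit on an object served with an image extension is worth escalating even before the archive is opened.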

Various variants have been found so far, and these files are spreading via social engineering techniques. Users are therefore strongly recommended to keep the latest security update installed.

Updating Adobe Flash Player is the best way to keep your PC safe from these malicious files.

[Update latest version]
http://get.adobe.com/flashplayer/


3. How to prevent

To keep your PC safe from the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" below for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats the various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/
