
9/26/2012

[Warning] New Internet Explorer Zero-Day exploits

1. Introduction

Zero-day exploit code for Microsoft Internet Explorer has been detected on a certain Italian web site. A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. Microsoft is analyzing the vulnerability. The malicious files were reported on an Italian web site for winter supplies. All of the exploit code has now been removed.




2. Malicious file information

The IE 0-day malicious files were found on the following web site.


The files were submitted on September 14, 2012, and removed on September 16, 2012. Only exp.txt remains.



The reported VirusTotal results are as follows.

[exploit.html]
https://www.virustotal.com/file/9d66323794d493a1deaab66e36d36a820d814ee4dd50d64cddf039c2a06463a5/analysis/

[Moh2010.swf]
https://www.virustotal.com/file/70f6a2c2976248221c251d9965ff2313bc0ed0aebb098513d76de6d8396a7125/analysis/

[Protect.html]
https://www.virustotal.com/file/2a2e2efffa382663ba10c492f407dda8a686a777858692d073712d1cc9c5f265/analysis/

[111.exe]
https://www.virustotal.com/file/85ad20e922f5e9d497ec06ff8db5af81fbdcbb6e8e63dc426b8faf40d5cc32c6/analysis/

"exploit.html" executes Moh2010.swf, which contains the DoSWF (http://www.doswf.com/) program and can execute "Protect.html" by using an iframe script.




"Protect.html" targets IE 7 and 8. It tries to install "111.exe", which is XOR-encoded.
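For analysts triaging a download like the XOR-encoded "111.exe" described above, the following added example (not code from the original post) scans a blob for a PE header hidden by a single-byte XOR. The post does not state the key or the encoding scheme, so the single-byte assumption, the key 0x95 and the sample bytes are all constructed for illustration.

```python
import struct

MZ_DELTA = ord("M") ^ ord("Z")  # 0x17: unchanged by any single-byte XOR key

def xor_slice(blob: bytes, start: int, length: int, key: int) -> bytes:
    """Decode `length` bytes of blob starting at `start` with a one-byte key."""
    return bytes(b ^ key for b in blob[start:start + length])

def find_xor_pe(blob: bytes, max_lfanew: int = 0x1000):
    """Return [(offset, key)] where single-byte XOR decoding yields a PE header.

    key == 0 means an unencoded PE file was found at that offset.
    """
    hits = []
    for off in range(len(blob) - 0x40 + 1):
        # Cheap key-independent filter: enc('M') ^ enc('Z') is always 0x17.
        if blob[off] ^ blob[off + 1] != MZ_DELTA:
            continue
        key = blob[off] ^ ord("M")
        # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack("<I", xor_slice(blob, off + 0x3C, 4, key))
        if e_lfanew > max_lfanew:
            continue
        if xor_slice(blob, off + e_lfanew, 4, key) == b"PE\x00\x00":
            hits.append((off, key))
    return hits

def build_sample_pe() -> bytes:
    """Constructed, non-executable stand-in for a PE file (headers only)."""
    dos_header = bytearray(0x80)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x80)  # e_lfanew
    return bytes(dos_header) + b"PE\x00\x00" + bytes(64)

if __name__ == "__main__":
    # Constructed input: junk prefix followed by the sample XORed with 0x95.
    encoded = b"<html>junk" + xor_slice(build_sample_pe(), 0, 196, 0x95)
    for off, key in find_xor_pe(encoded):
        print(f"PE header at offset {off}, XOR key 0x{key:02x}")
```

Multi-byte keys and encoders that leave zero bytes untouched are outside what this check covers.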



When "111.exe" is executed, it installs "mspmsnsv.dll" in the system folder and tries to access a certain host.

3. Summary

The INCA Internet response team is strengthening its security monitoring for the IE 0-day vulnerability and abnormal symptoms. New variants of the malicious files can be detected by our nProtect Anti-Virus family. Users need to keep the latest updates installed to stay safe from these malicious files. Furthermore, when spread through web sites, these files exploit security vulnerabilities, so the latest updates for the OS and frequently used applications are needed. To use a PC safely against the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" below for general users.

Security management tips

1. Keep the OS and applications on the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and keep real-time detection enabled.
3. Do not open or download attached files from suspicious e-mail.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/
