
9/26/2012

[Warning] New Internet Explorer Zero-Day exploits

1. Introduction

Zero-day exploit code for Microsoft Internet Explorer has been detected on a certain Italian web site. A zero-day (or zero-hour or day-zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. Microsoft is analyzing the vulnerability. The malicious files were reported on an Italian web site for winter supplies, and all of the exploit code has now been removed.




2. Malicious file information

The IE 0-day malicious files were found on the following web site.


The files were submitted on September 14, 2012, and removed on September 16, 2012. Only exp.txt remains.



The reported VirusTotal results are as follows.

[exploit.html]
https://www.virustotal.com/file/9d66323794d493a1deaab66e36d36a820d814ee4dd50d64cddf039c2a06463a5/analysis/

[Moh2010.swf]
https://www.virustotal.com/file/70f6a2c2976248221c251d9965ff2313bc0ed0aebb098513d76de6d8396a7125/analysis/

[Protect.html]
https://www.virustotal.com/file/2a2e2efffa382663ba10c492f407dda8a686a777858692d073712d1cc9c5f265/analysis/

[111.exe]
https://www.virustotal.com/file/85ad20e922f5e9d497ec06ff8db5af81fbdcbb6e8e63dc426b8faf40d5cc32c6/analysis/

"exploit.html" executes Moh2010.swf, which contains the DoSWF (http://www.doswf.com/) program and can load "Protect.html" through an iframe script.




"Protect.html" targets IE 7 and 8. It tries to install "111.exe", which is XOR-encoded.
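For analysts triaging a captured page or download, the following sketch (an added example, not code from INCA Internet or from the sample) scans a blob for an executable hidden behind XOR encoding. The report does not state the key or its length; the single-byte key, the function names and the sample bytes are assumptions made for the illustration.

```python
import struct

def looks_like_pe(buf: bytes) -> bool:
    """True if buf starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return e_lfanew + 4 <= len(buf) and buf[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def find_xor_pe(blob: bytes):
    """Return (key, offset) pairs where a single-byte-XOR-encoded PE begins.

    Assumption: the encoder used one repeating byte as the key. Key 0 is
    skipped because it would mean the PE is stored unencoded.
    """
    hits = []
    for key in range(1, 256):
        magic = xor_bytes(b"MZ", key)          # what "MZ" looks like under this key
        start = blob.find(magic)
        while start != -1:
            # Decode only a header-sized window, then validate the PE signature
            # so that a chance two-byte match is not reported.
            window = xor_bytes(blob[start:start + 0x1000], key)
            if looks_like_pe(window):
                hits.append((key, start))
            start = blob.find(magic, start + 1)
    return hits

def build_sample(key: int = 0x95):
    """Constructed test input: a minimal fake PE header, XOR-encoded, after a carrier prefix."""
    header = bytearray(0x90)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)  # e_lfanew -> 0x80
    header[0x80:0x84] = b"PE\0\0"
    prefix = b"<html><!-- constructed carrier -->"
    return prefix + xor_bytes(bytes(header), key), len(prefix)

if __name__ == "__main__":
    sample, _ = build_sample()
    for key, offset in find_xor_pe(sample):
        print(f"XOR-encoded PE candidate: key=0x{key:02x} offset={offset}")
```

A hit gives the key and offset needed to decode the payload for hashing and comparison with the VirusTotal entries listed above; multi-byte or rolling keys need a different search.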



When "111.exe" is executed, it installs "mspmsnsv.dll" in the system folder and tries to connect to a certain host.

3. Summary

The INCA Internet response team is strengthening its security monitoring for the IE 0-day vulnerability and abnormal symptoms. New variants of the malicious files can be detected by our nProtect Anti-Virus family. Users need to keep their software up to date to stay safe from these malicious files. Furthermore, when such files are spread through web sites, they rely on security vulnerabilities, so the latest updates for the OS and frequently used applications are needed. To use a PC safely against these security threats, we recommend that you download the latest security updates and follow the "Security management tips" below for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/

10 comments:


  5. I think Zero day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats