Purported Iran nuke document contains trojan

Powered by SC Magazine
 

Spreads via Flash vulnerability.

Targeted attackers are leveraging a patched Adobe Flash vulnerability and the ongoing tension around Iran's suspected nuclear program to spread a difficult-to-detect trojan.

Emails were spreading that contained a Word document titled "Iran's Oil and Nuclear Situation", according to Contagio Malware Dump, a malware sample collection site.

Clicking on the file sets in motion a series of events that ultimately results in a malicious binary being dropped onto the target system.

"The Word document contains Flash, which downloads a corrupted MP4 file," wrote Contagio IT specialist Mila Parkour in a blog posted Monday. "This MP4 file causes memory corruption and code execution."

The attack takes advantage of a recently fixed Flash bug (CVE-2012-0754). The vulnerability was repaired, along with six others, last month when Adobe released Flash Player 11.1.102.62 for Windows, Macintosh, Linux and Solaris.

Just seven of 42 of the most popular anti-virus products on Saturday had detected the malicious file, according to a VirusTotal review commissioned by Contagio.

Reached by email, Parkour said "someone donated the sample and sounds like a lot of them are already in circulation." An Adobe spokeswoman said the company didn't have any information about the extent of the threat.

Adobe also released another Flash update (11.1.102.63)  to address two critical vulnerabilities. The flaws garnered "Priority 2" status under Adobe's newly launched ratings system. Priority 2 means there are no known exploits for any of the bugs being fixed, nor are attacks imminent.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Purported Iran nuke document contains trojan
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1782

Vote
Do you support the abolition of the Office of the Information Commissioner?