Backdoor found in ASEAN defence officials document

Powered by SC Magazine
 

File contains Australian defence officials' phone numbers and email addresses.

Criminals are exploiting interest in the ASEAN Defense Ministers Meetings (ADMM-Plus) to deliver malware to unsuspecting users.

The malware was delivered with a document labelled “ADMM-Plus Defence Officials Directory” that created a backdoor on unpatched machines.

The document itself was benign but contained potentially sensitive phone numbers and email addresses of defence officials from Australia, New Zealand and other members of the Association of South East Asian Nations.

Symantec researcher Takashi Katsuki discovered the document but did not reveal the names contained within it. SC has requested to view the file.

Attackers delivered the document and the payload through a file (.rtf) that exploited a Windows ActiveX remote code execution vulnerability (CVE-2012-0158). Once the file was opened, it dropped the document and the backdoor on machines.

The backdoor loaded after Windows users logged in and contacted a server based in China.

The vulnerability was already patched by Microsoft but had been exploited in a string of malware campaigns since its discovery in April this year.

It has been bound into document files for phishing attacks against Tibetan activists, Japanese steel companies and other industry sectors.               

Copyright © SC Magazine, Australia


Backdoor found in ASEAN defence officials document
Tags
 
 
 
Top Stories
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
Photos: iTnews Benchmark 2015 finalists revealed
Awards alumni gather to celebrate.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1751

Vote
Do you support the abolition of the Office of the Information Commissioner?