Vulnerability in Windows Help Center Misused By Attacker
Security firm Symantec has detected an extremely sophisticated assault against two defense contractors, which exploited the unpatched vulnerability in Windows Help Center disclosed at the beginning of June 2010.
Code on the Web page inspected the User-Agent header field and extracted the browser and operating system information. A malicious exploit was then loaded if the user was running Firefox, IE7 or IE8 on Windows XP.
The attacker's second step was to research Defense Contractor B and identify e-mail addresses in that organization. The attacker then sent a sequence of e-mails that purported to come from a webmail address and reported the alleged arrest of the CEO of Defense Contractor B on charges of breaching US export regulations. The e-mails also contained a link to a malicious webpage in the fake press release directory, which was hosted on the genuine website of Contractor A.
When the exploitation was successful, a binary file stored on the server with a .txt extension was implanted and executed by invoking an ActiveXObject. Lee did not mention the name of the malware involved in the attack, but noted that it was able to receive instructions from the remote attacker.
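For defenders, the delivery detail above (an executable stored on the server under a .txt name) can be caught by comparing a response's file extension with its actual content. The following Python is an added example, not code from Symantec or from the original article; the function names, the extension list and the sample responses (with placeholder host names) are assumptions constructed for illustration.

```python
import struct
from urllib.parse import urlparse

# Assumption: extensions a proxy or web log reviewer would expect to carry plain text.
TEXT_EXTENSIONS = (".txt", ".log", ".csv")

def looks_like_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    # Out-of-range offsets yield an empty slice, so no bounds error is possible here.
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def flag_disguised_executables(responses):
    """Return URLs whose path ends in a text extension but whose body is a PE image."""
    flagged = []
    for url, body in responses:
        path = urlparse(url).path.lower()
        if path.endswith(TEXT_EXTENSIONS) and looks_like_pe(body):
            flagged.append(url)
    return flagged

def _constructed_pe_stub() -> bytes:
    """Constructed header only: 64-byte DOS header plus PE signature, not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed sample responses (URL, leading bytes of the body); hosts are placeholders.
SAMPLE_RESPONSES = [
    ("http://contractor-a.example/press/notes.txt", _constructed_pe_stub()),
    # Real text that merely starts with "MZ" must not be flagged.
    ("http://contractor-a.example/press/release.txt",
     b"MZ Corp announces quarterly results...".ljust(80)),
    # A PE image under its honest extension is out of scope for this check.
    ("http://contractor-a.example/tools/setup.exe", _constructed_pe_stub()),
    ("http://contractor-a.example/robots.txt", b"User-agent: *\nDisallow:\n"),
]

if __name__ == "__main__":
    for url in flag_disguised_executables(SAMPLE_RESPONSES):
        print("PE image served with text extension:", url)
```

Checking the `e_lfanew` pointer and the PE signature, and not only the first two bytes, avoids flagging ordinary text files that happen to begin with "MZ".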
An especially striking feature of this assault was the level of preparation undertaken by the cybercriminal, as well as the fact that the attack targeted two different defense contractors.
It is noteworthy that companies that work under Defense Department contracts are regarded as high-profile targets, owing to the nature of the data they deal with. Earlier, in January 2010, Finnish anti-virus firm F-Secure stated that several defense contractors were the target of an assault that used malicious PDF files.
» SPAMfighter News - 12-07-2010