
Microsoft Finds SWF-Based Assaults Containing Spikes

Microsoft, the software company, is alerting computer users that attacks spreading Shockwave Flash (SWF) malware, which is capable of infecting end-users' PCs with malicious programs, have shown several spikes over time.

Incidentally, malicious programs from SWF assaults aren't unknown. These types of assaults normally exploit security flaws within Adobe Flash Player so that more malware can be loaded onto PCs.

The particular threat is reportedly a Trojan that Microsoft spotted and named Trojan:SWF/Jaswi.A, which abuses CVE-2010-0806, a security flaw within IE 6 and 7 that allows execution of arbitrary code.

Nevertheless, the Trojan is unusual in the way it launches the JavaScript-related attack code. The majority of SWF assaults use the getURL feature to divert end-users onto malicious websites; Jaswi.A, however, uses a function named ExternalInterface.call() to trigger the insertion.

Remarking on the above technique, Tim Liu, a malware researcher at Microsoft, stated that the method wasn't really new; however, only some SWF assaults exploited it. Softpedia.com published this on March 8, 2011.

Importantly, if the assault proves successful, it pulls down the file uusee.exe, which is malware for stealing Chinese passwords and is called PWS:Win32/Lolyda.AU.

Meanwhile, Microsoft has observed that the Jaswi.A activity contains 3 spikes. Publishing the details, the software company discloses that back in December 2010 it had detected those spikes, the first during the 2010 Christmas season, the second during the early days of 2011, and the third, which was the biggest spike, during mid-January 2011.

Reportedly, PCs in South Korea were the targets of these assaults. Since the start of 2011, 89% of the PCs attacked were in South Korea, with 75% located in Seoul itself. Assaults were also reported from the USA (5%), Canada (2%), Japan (1%) and the rest (3%).

Finally, Liu stated that Microsoft was drawing attention to the embedded JavaScript method within the SWF assaults because it seemed to be becoming a trend and could possibly become a widely used technique too. He also stated that users must always be careful when surfing the Web and use anti-malware protection from an effective scanner. Blogs.technet.com published this on March 7, 2011.


» SPAMfighter News - 19-03-2011
