Microsoft Finds Spikes in SWF-Based Attacks

Microsoft is alerting computer users to several spikes in attacks that spread Shockwave Flash (SWF) malware, which is capable of infecting end-users' PCs with malicious programs over time.

Incidentally, malicious programs delivered through SWF attacks aren't unknown. These attacks normally exploit security flaws in Adobe Flash Player so that more malware can be loaded onto PCs.

The particular threat is reportedly a Trojan that Microsoft spotted and named Trojan:SWF/Jaswi.A. It abuses CVE-2010-0806, a security flaw in IE 6 and 7 that allows execution of arbitrary code.

The Trojan is unusual, however, in the way it launches the JavaScript attack code. The majority of SWF attacks use the getURL function to divert end-users to malicious websites; Jaswi.A instead uses a function named ExternalInterface.call() to trigger the injection.

Remarking on this technique, Tim Liu, a malware researcher at Microsoft, stated that the method wasn't really new; however, only some SWF attacks had exploited it. Softpedia.com published this on March 8, 2011.

Importantly, if the attack proved successful, it would pull down the file uusee.exe, which is malware for stealing Chinese passwords and is called PWS:Win32/Lolyda.AU.

Meanwhile, Microsoft has observed that the Jaswi.A activity contains 3 spikes. Publishing the details, the software company discloses that back in December 2010 it had detected those spikes: the first during the 2010 Christmas season, the second during the early days of 2011, and the third, which was the biggest spike, during mid-January 2011.

Reportedly, PCs in South Korea were the targets of these attacks. Since the start of 2011, 89% of the PCs attacked belonged to South Korea, where 75% were located in Seoul. Additionally, attacks were also reported from the USA (5%), Canada (2%), Japan (1%) and the rest (3%).

Finally, Liu stated that Microsoft was drawing attention to the JavaScript injection method within the SWF attacks because it seemed to be becoming a trend, and possibly a widely used technique too. Elsewhere he stated that users must always be careful when surfing the Web and should use anti-malware protection from an effective scanner. Blogs.technet.com published this on March 7, 2011.


» SPAMfighter News - 3/19/2011
