Supposed ‘Nuclear’ File Attachment on Iran Delivers Trojan
A new personalized e-mail attack has been found exploiting growing concern about Iran's reportedly advancing nuclear program. It tricks Internet users into opening booby-trapped Word files designed to abuse a known vulnerability in Flash Player in order to plant malware, PCWorld reported on March 7, 2012.
Worryingly, the file attachment, "Iran's Oil-and-Nuclear Situation.doc", contains embedded Flash that pulls down a malformed MP4 file crafted to trigger memory corruption and malware execution. The attachment reportedly exploits a recently patched Flash vulnerability, CVE-2012-0754.
After dropping an embedded binary named 'us.exe', the file runs that executable from the affected end user's %Temp% directory. us.exe is a Trojan that creates a backdoor on the infected PC and attempts to block anti-virus programs, including their alerts about malicious activity.
However, because both files (the .exe and the .doc) are still detected by only a few of the anti-virus engines on VirusTotal, security alerts that would lead to the malicious files being blocked remain muted.
Separately, Adobe released a new version of Flash, 220.127.116.11, fixing 2 critical security flaws. Under its recently introduced rating system, the company assigned the vulnerabilities a "Priority 2" grade, which implies that there is no known exploit for either of the flaws being patched and that no attack is imminent.
Regrettably, these attacks remain effective because most organizations are lax about installing security updates.
However, Adobe is currently working on incorporating sandbox features into Flash Player, which will make it much harder to run arbitrary malware on computers even when the CVE-2012-0754 vulnerability is exploited.
Significantly, Mila Parkour, IT Specialist with Contagio, has cautioned end users to be careful with e-mails and attachments received from strangers or from organizations with which they did not themselves initiate communication. SCMagazine published this on March 5, 2012.
As might be expected, according to Carsten Eiram, Chief Security Expert with Secunia, speaking at the RSA conference, cyber-criminals would likely begin attacking other applications as they became popular. Some years back, PDF-based attack code used in zero-day attacks was the best known, whereas currently Flash Player was being targeted the most, Eiram explained. PCWorld published this.
SPAMfighter News - 14-03-2012