Tibetan-Themed Attack Abusing a Signed Nvidia Executable Detected
Researchers at the anti-virus firm Sophos have identified a Tibet-themed online attack that piggybacks on a legitimate, digitally signed Nvidia file to install malware on targeted PCs.
Nvidia is a technology company based in Santa Clara, California, that makes GPUs (Graphics Processing Units).
The attack starts with an e-mail carrying a Rich Text Format (RTF) file containing a write-up on the Tibetan Youth Congress (TYC). The document acts as a decoy: while the user reads it, three files, NvSmartMax.dll.url, NvSmartMax.dll and Nv.exe, are dropped onto the computer.
Of these, Sophos notes, Nv.exe is an authentic, signed executable: Nvidia's Smart Maximise Helper Host. The DLL beside it, however, is malicious. When the legitimate Nv.exe loads NvSmartMax.dll from its own directory (a DLL side-loading trick), the DLL decrypts and runs the code stored in the .dll.url file.
Gabor Szappanos, Principal Malware Researcher at Sophos, says the attack hijacks the target PC and gives the attacker remote access to the system, Pcadvisor.co.uk reported on February 27, 2013.
Because the legitimate, clean Nv.exe is the process that loads the malicious component, the hijack is harder to spot: a signed, trusted executable, rather than the malware itself, appears to be doing the work.
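As an added illustration (not code from Sophos, Trend Micro or the original article), the Python triage script below checks a directory for the three-file pattern described above and tests whether the .dll.url companion is a real Internet Shortcut: genuine .url files are small INI text beginning with [InternetShortcut], whereas a blob of encrypted code has no such header and high byte entropy. The entropy cutoff of 6.5 bits per byte, the constructed sample files, and the simplification that any .exe in the same directory is the side-loading host are all assumptions made for this example; it does not parse PE import tables or verify Authenticode signatures.

```python
"""Triage check for the exe + dll + dll.url side-loading drop (added example).

Genuine Internet Shortcut files are INI text starting with [InternetShortcut];
a .url file that lacks the header or has near-maximal byte entropy is a
disguised payload rather than a shortcut.
"""
import math
import os
import tempfile
from collections import Counter

INTERNET_SHORTCUT_HEADER = b"[InternetShortcut]"
ENTROPY_THRESHOLD = 6.5  # bits/byte; assumed cutoff, INI text sits far below it


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_real_url_file(data: bytes) -> bool:
    """True if the bytes start like a genuine Internet Shortcut (BOM/whitespace allowed)."""
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")
    return head.startswith(INTERNET_SHORTCUT_HEADER)


def find_sideload_drops(directory: str) -> list:
    """Return one finding per (exe, dll, dll.url) set found in `directory`.

    Assumption: every .exe in the directory is a candidate side-loading host;
    a real check would confirm the exe imports the dll by name.
    """
    names = os.listdir(directory)
    lower = {n.lower(): n for n in names}
    exes = sorted(n for n in names if n.lower().endswith(".exe"))
    findings = []
    for key, dll_name in lower.items():
        url_name = lower.get(key + ".url") if key.endswith(".dll") else None
        if url_name is None or not exes:
            continue
        with open(os.path.join(directory, url_name), "rb") as fh:
            blob = fh.read()
        ent = shannon_entropy(blob)
        findings.append({
            "exe": exes,
            "dll": dll_name,
            "payload": url_name,
            "url_entropy": round(ent, 2),
            # Flag if it is not a real shortcut or looks encrypted/compressed.
            "suspicious": (not looks_like_real_url_file(blob)) or ent >= ENTROPY_THRESHOLD,
        })
    return findings


def build_sample_drop(directory: str, benign: bool = False) -> None:
    """Write a constructed stand-in for the dropped files (not real malware).

    The malicious-style payload is a byte pattern with maximal entropy standing
    in for encrypted code; the benign variant is a genuine Internet Shortcut.
    """
    placeholder_pe = b"MZ" + b"\x00" * 62  # constructed placeholder, not a real PE
    for name in ("Nv.exe", "NvSmartMax.dll"):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(placeholder_pe)
    payload = (b"[InternetShortcut]\r\nURL=https://example.invalid/\r\n"
               if benign else bytes(range(256)) * 8)
    with open(os.path.join(directory, "NvSmartMax.dll.url"), "wb") as fh:
        fh.write(payload)


def triage_sample(benign: bool = False) -> dict:
    """Build a sample drop in a temp dir and return its single finding."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drop(tmp, benign=benign)
        findings = find_sideload_drops(tmp)
    if len(findings) != 1:
        raise RuntimeError("expected exactly one finding, got %d" % len(findings))
    return findings[0]


if __name__ == "__main__":
    print("malicious-style:", triage_sample())
    print("benign:", triage_sample(benign=True))
```

Run it against the directory where the three files landed by calling find_sideload_drops() on that path; on a live system you would follow the hit by checking the Authenticode signature of the DLL, since the whole point of the technique is that the host .exe is signed and the DLL is not.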
Szappanos says the attack's foremost lesson for users is to keep software up to date. A patch for the Microsoft Office security flaw was released in April 2012, yet attackers were still abusing that flaw in January 2013, which makes it clear that many end users do not take basic security controls seriously, he adds.
The second lesson, he notes, is mainly for software developers: even if you are not building security software, you need to recognise the risks your applications introduce into your customers' networks.
In September 2012, Trend Micro documented a very similar attack that delivered the PlugX remote-access tool. That attack exploited an older Microsoft RTF flaw, CVE-2010-3333, but likewise dropped Nvidia files including NvSmartMax.dll. As in the current attack, the 2012 sample's NvSmartMax.dll launched a backdoor, 'boot.ldr', which could open and alter files on the infected PC.
Related article: Tibetan-themed E-mail Scam Thrusts ‘Blended’ Malware
» SPAMfighter News - 05-03-2013