Patched Word Flaw Still Exploited Within Malware-Laced Assaults, Says Trend Micro

According to Trend Micro the security company, even after Microsoft patched a March 2014 declared security flaw in Word that allowed code execution from the remote, during April 2014, cyber-criminals yet continue to exploit it within their malicious attacks.

Reportedly, attackers have been using the flaw to specifically target government agencies as well as one educational institution located inside Taiwan.

Of these assaults, the ones on government agencies involved bulk electronic mails having malware in attachments. The spam mails impersonated a government staff, while there was an exploit inside the messages which Trend Micro detected to be TROJ_ARTIEF.ZTBD-R.

Trend Micro further found that the said exploit installed more files containing the final malicious component identified as BKDR_SIMBOT.SMC.

On the other hand, the assault on the academic establishment involved one e-mail attachment for acquiring admission into the recipient's PC as well as network. While free trade matters were discussed within the e-mail text, there was mention of certain work project title inside the attachment.

Like in the first instance, here too, an exploit features the attachment that has been identified as TROJ_ARTIEF.ZTBD-PB. The Trojan installs a backdoor malware recognized to be BKDR_SIMBOT.ZTBD-PB, which helps hunt files for theft, transmit files to the remote attacker and also conduct lateral movement.

An analysis by Trend Micro shows that both the above assaults are associated with the Taidoor - an operation active from 2009- via the same kind of network-traffic arrangement. Both the assaults resemble previous campaigns so far as target, methods applied like utilizing 0-day vulnerability, and social engineering tactic are concerned.

Additionally, alongside these activities, the Word flaw has also been abused within one assault that was executed on certain mailing service of Taiwan. At that time, the criminals utilized PlugX RAT for filching data-files as also gaining hold over infected PCs.

However, for steering clear of attacks that exploit the vulnerability in question, the best solution is for patching the same security flaw and on a priority basis. In fact, whenever a security patch is made available, both organizations and individual users must install it for warding off assaults, which leverage vulnerabilities.

» SPAMfighter News - 5/22/2014