Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Patched Word Flaw Still Exploited Within Malware-Laced Assaults, Says Trend Micro

According to Trend Micro the security company, even after Microsoft patched a March 2014 declared security flaw in Word that allowed code execution from the remote, during April 2014, cyber-criminals yet continue to exploit it within their malicious attacks.

Reportedly, attackers have been using the flaw to specifically target government agencies as well as one educational institution located inside Taiwan.

Of these assaults, the ones on government agencies involved bulk electronic mails having malware in attachments. The spam mails impersonated a government staff, while there was an exploit inside the messages which Trend Micro detected to be TROJ_ARTIEF.ZTBD-R.

Trend Micro further found that the said exploit installed more files containing the final malicious component identified as BKDR_SIMBOT.SMC.

On the other hand, the assault on the academic establishment involved one e-mail attachment for acquiring admission into the recipient's PC as well as network. While free trade matters were discussed within the e-mail text, there was mention of certain work project title inside the attachment.

Like in the first instance, here too, an exploit features the attachment that has been identified as TROJ_ARTIEF.ZTBD-PB. The Trojan installs a backdoor malware recognized to be BKDR_SIMBOT.ZTBD-PB, which helps hunt files for theft, transmit files to the remote attacker and also conduct lateral movement.

An analysis by Trend Micro shows that both the above assaults are associated with the Taidoor - an operation active from 2009- via the same kind of network-traffic arrangement. Both the assaults resemble previous campaigns so far as target, methods applied like utilizing 0-day vulnerability, and social engineering tactic are concerned.

Additionally, alongside these activities, the Word flaw has also been abused within one assault that was executed on certain mailing service of Taiwan. At that time, the criminals utilized PlugX RAT for filching data-files as also gaining hold over infected PCs.

However, for steering clear of attacks that exploit the vulnerability in question, the best solution is for patching the same security flaw and on a priority basis. In fact, whenever a security patch is made available, both organizations and individual users must install it for warding off assaults, which leverage vulnerabilities.

» SPAMfighter News - 5/22/2014

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page