
Microsoft Addresses Windows 0-day Used in PoS Attacks


More than a hundred companies in North America fell victim to cyber-criminal attacks that exploited a 0-day vulnerability in Windows. Tracked as CVE-2016-0167, the vulnerability was reported and partially patched in Microsoft's April Patch Tuesday security updates, after it had been used in attacks starting in early March. Security researchers at FireEye discovered the 0-day and revealed the details this Tuesday.

FireEye describes the flaw as a local privilege escalation vulnerability in win32k, the Windows graphics subsystem. It can be exploited once code has been run remotely on the targeted computer. Its patch was released on 12th April, after which Microsoft issued an important update, MS16-062, this past Tuesday.

Microsoft further describes two newly observed malware families, PUNCHTRACK and PUNCHBUGGY, that only this threat group has used.

Describing the malware, Microsoft reveals that PUNCHBUGGY is an ordinary DLL file, but one modified to let the criminals send requests and download content over HTTPS from a remote server. PUNCHTRACK, on the other hand, is a traditional PoS malware that scans the memory of PoS systems to capture Track 1 and Track 2 card data.

FireEye states that on 8th March it detected a new exploit that abused the Windows OS in this threat group's campaign.

According to FireEye's report, PUNCHBUGGY, a downloader that can fetch additional code over HTTPS, was used in the threat group's attack to communicate with compromised PCs while moving laterally across the victim's network. Threatpost.com reported this on May 11, 2016.

FireEye notified Microsoft about the vulnerability. The computer giant issued a temporary fix, MS16-039, in its April Patch Tuesday, followed by a complete fix, MS16-062, in May's security bulletin.

Of the criminal gang behind the attacks, FireEye says it ran large-scale operations at speed, showing operational awareness and the ability to adapt those operations. In addition, the targeted use of an EoP exploit, together with the reconnaissance needed to customize phishing e-mails for potential victims, points to the gang's operational sophistication and maturity.

» SPAMfighter News - 5/17/2016
