
Wekby APT Rides Along With the Hacking Team Attack

Threatpost.com reported on 9 July 2015 that the Wekby APT (Advanced Persistent Threat) group, involved in many targeted attacks against healthcare businesses such as Community Health Systems and major pharmaceutical companies, is apparently making use of the Adobe Flash Player zero-day found recently in the Hacking Team data dump.

According to Volexity, a security company based in Virginia, spear phishing email messages claiming to be from Adobe have been found spreading a modified version of the Hacking Team exploit, which affects Flash Player versions up to 18.0.0.194. The company said that labels found in the code actually refer to Hacking Team.

Volexity observes that the spear phishing message urges the victim to download and install an updated version of Flash and contains a link to http://get(.)adobe(.)com, which redirects the recipient to a site hosted by PEG TECH Inc. The site loads a malicious .swf file exploiting the Flash vulnerability, which Adobe has since patched.

Volexity said that the malware executes and connects to a known Wekby command-and-control address hosted in Singapore.

Any connection involving this IP address or these hostnames should be considered hostile and a possible indication of compromise.

The above IP address has functioned as a C2 server for a wide range of different malware in the past (Gh0st, Poison Ivy, Remote RSS, etc.). The malware currently circulating, however, is an improved version of the Gh0st remote access Trojan (RAT).

The zero-day leveraged in the Hacking Team attack is one of many Flash vulnerabilities exposed in recent times.

In June, FireEye's security researchers discovered a separate Flash flaw that was being employed by the "Clandestine Wolf" group of cybercriminals to attack businesses in the aerospace, construction, defence, technology and telecom industries.

While it is always essential to patch your software and keep it updated, it is CRITICAL to patch your Adobe Flash immediately. The attackers are having a field day with this exploit and will not slow down any time soon. Volexity says in its blog post that patching is the most sensible course of action to deal with this exploit, which is very much in the wild.

» SPAMfighter News - 7/24/2015
