Be on the lookout!

We were alerted by Symantec that a new virus is in the wild. The bad guys are exploiting Apple fans: they are using iPhone 5 rumors in malicious Word documents and emails, with file names referencing Apple’s iPhone, to entice online victims and attack a PC. Thus far this vulnerability is only present in Windows running Adobe Flash version 11. You can find more information about this vulnerability here. The bad guys are combining a social engineering technique with a known vulnerability to get you to infect your computer.

[Image: example of the email; note the attachment name]

The .doc files attached to the email contain hidden malicious .swf files. The .swf files then drop more files onto the compromised computer, which are then opened, for example:

  • %Temp%\~WRD0001.doc
  • %Temp%\Word8.0\ShockwaveFlashObjects.exd
  • %UserProfile%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Meanwhile, the threat is also downloaded and then executed.

The .dll files dropped by the threat are detected as Backdoor.Briba and the dropped .doc files are detected as Trojan.Mdropper.
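A defensive triage check for the embedding described above (an added example, not code from the original post or from Symantec): it scans an attachment's raw bytes for SWF file headers inside an OLE2 .doc and validates each candidate so ordinary text is not flagged. The function names and sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file header (.doc)
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")            # uncompressed, zlib, LZMA

def plausible(data, pos, sig, length):
    """Reject chance matches such as the letters 'FWS' inside ordinary text."""
    body = data[pos + 8:]
    if sig == b"FWS":   # declared length cannot exceed the bytes actually present
        return length <= len(data) - pos
    if sig == b"CWS":   # body must start a valid zlib stream
        try:
            return len(zlib.decompressobj().decompress(body[:512])) > 0
        except zlib.error:
            return False
    return len(body) > 0  # ZWS: only the header fields are checked here

def find_embedded_swf(data, max_version=50):
    """Return sorted (offset, signature, version, declared_length) candidates."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version, length = header[3], struct.unpack("<I", header[4:8])[0]
                if 1 <= version <= max_version and length > 8 \
                        and plausible(data, pos, sig, length):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def triage_attachment(name, data):
    hits = find_embedded_swf(data)
    is_ole = data.startswith(OLE_MAGIC)
    return {"name": name, "ole": is_ole, "swf": hits, "suspicious": is_ole and bool(hits)}

def constructed_samples():
    """Constructed test bytes: the 'movie' is zlib-compressed filler, not real Flash."""
    body = bytes(64)
    cws = b"CWS" + bytes([11]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    with_swf = OLE_MAGIC + bytes(504) + cws + bytes(32)
    plain = OLE_MAGIC + bytes(504) + b"Quarterly FWS report text" + bytes(32)
    return with_swf, plain

if __name__ == "__main__":
    for name, blob in zip(("with_swf.doc", "plain.doc"), constructed_samples()):
        print(triage_attachment(name, blob))
```

OLE2 streams can be split across sectors, so a hit is a lead for closer inspection of the attachment rather than a verdict on it.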

Adobe has released a security update to correct this vulnerability.

Just remember to be very careful when opening any attachments, and beware of any that claim to have information about Apple. Remember, Apple keeps a secret better than anyone, so there won’t be an email floating around.
