<<<
Wednesday, April 29, 2009
>>>
 
Targeted Examples Posted by Mikko @ 14:22 GMT

We continue to see targeted attacks. More and more of them. We're currently collecting some statistics on the frequency of these attacks and hope to publish them here later this week.

Here's some recent examples of documents that we've seen in targeted attacks. All of them use known vulnerabilities to drop backdoors to take over the computer.

The examples cover all popular file types: DOC, XLS, PPT and PDF. (Just to be fair.)

We've seen all of these cases exactly once, worldwide. So whomever got hit by these, it wasn't just bad luck and it wasn't just a coincidence.

Our first example looks like an average in-house purchase agreement… but when viewed, it drops a backdoor that connects to lemondtree.freetcp.com. XLS file.

Assets

Connects to heet.25u.com. PDF file.

UNICEF

Drops files called hlwin32.dll, hlsvc32.dll and svchost.exe to SYSTEM32 or TEMP folders. PPT file.

USFood

"Fertilizer news and analysis"? What? Drops a backdoor that connects to wolfdu.5166.info. PDF file.

Market

Drops a variant of Poison Ivy remote access trojan. PDF file.

Medvedev

We don't have any information on the identities of the parties targeted with these attacks.






<<< Two New Vulnerabilities in Adobe Acrobat Reader
|
Facebook Security Questions >>>