Sandworm (CVE-2014-4114) new variant discovered in APT attacks on Taiwan - vulnerability warning - Black Bar Safety Net

2014-10-24T00:00:00
ID MYHACK58:62201454998
Type myhack58
Reporter Anonymous (佚名)
Modified 2014-10-24T00:00:00

Description


On October 17, Xecure Lab found a variant of the Sandworm 0day vulnerability (CVE-2014-4114) already being used in APT attacks against the Taiwan government and various other organizations; current mainstream anti-virus software still cannot detect it effectively. The variant embeds the malware directly in the document and triggers it locally, with no need to download malicious code from a remote shared server.

1.

What is frightening is that, by exploiting CVE-2014-4114, the attacker relies only on functionality built into INF files: there is no need to write complex shellcode, the current memory-protection mechanisms are bypassed (no memory corruption is involved), and an arbitrary program can be executed directly in a stable, blunt way. This is a hacker favorite, yet few exploits aimed at Office 2007 and later have appeared. The Taidoor and LStudio malware families have already started using it in APT emails, and we expect it to be widespread within six months.
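The delivery shape described above, an OLE-embedded INF file plus an embedded executable inside an OpenXML presentation, can be triaged without executing the document. The following is an added example written for this article, not Xecure Lab's or iSIGHT's tooling; the INF directive names are standard INF syntax, the decision to treat them as suspicious when found inside an embedding is a heuristic assumption, and the package built by `build_sample` is constructed test data rather than a captured sample.

```python
"""
Heuristic triage of OOXML (PPTX/PPSX/DOCX) packages for OLE embeddings that
carry INF content and/or a PE file, the shape used by CVE-2014-4114 droppers.
Added example for this article; the detection rule is a heuristic assumption.
"""
import io
import re
import zipfile

# INF directives the INF installer acts on. Their presence inside an OLE
# embedding part is treated as suspicious (assumption for this example).
INF_RE = re.compile(
    rb"\[Version\]|\[DefaultInstall\]|RunPreSetupCommands|"
    rb"Signature\s*=\s*\"\$CHICAGO\$\"",
    re.IGNORECASE,
)
# Rough PE check: an MZ header at the start of the blob or the DOS stub text.
DOS_STUB = b"This program cannot be run in DOS mode"


def scan_ooxml(data: bytes) -> dict:
    """Inspect every part under */embeddings/ of an OOXML zip package.

    Returns {part_name: {"inf": bool, "exe": bool}} for parts that match.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if "/embeddings/" not in name:
                continue
            blob = zf.read(name)
            inf = INF_RE.search(blob) is not None
            exe = blob.startswith(b"MZ") or DOS_STUB in blob
            if inf or exe:
                findings[name] = {"inf": inf, "exe": exe}
    return findings


def verdict(findings: dict) -> str:
    """Summarise the findings in the terms the article uses."""
    has_inf = any(f["inf"] for f in findings.values())
    has_exe = any(f["exe"] for f in findings.values())
    if has_inf and has_exe:
        return "suspicious: INF and executable embedded (self-contained variant)"
    if has_inf:
        return "suspicious: INF embedded (payload may come from a remote share)"
    return "clean: no INF or executable embedding"


# Constructed INF text used only as test data; it is not a real exploit file.
SAMPLE_INF = (
    b"[Version]\r\nSignature=\"$CHICAGO$\"\r\n"
    b"[DefaultInstall]\r\nRunPreSetupCommands=Run\r\n"
    b"[Run]\r\nsample.exe\r\n"
)


def build_sample(kind: str) -> bytes:
    """Build a minimal zip shaped like a PPSX package (constructed sample).

    kind: "clean", "inf_only" or "inf_and_exe".
    Real OLE Packager objects are compound files; here the payload is written
    into the part raw, which is enough to exercise the byte-level heuristics.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        if kind in ("inf_only", "inf_and_exe"):
            zf.writestr("ppt/embeddings/oleObject1.bin",
                        b"\x00" * 16 + SAMPLE_INF)
        if kind == "inf_and_exe":
            zf.writestr("ppt/embeddings/oleObject2.bin",
                        b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB)
    return buf.getvalue()


if __name__ == "__main__":
    for kind in ("clean", "inf_only", "inf_and_exe"):
        report = scan_ooxml(build_sample(kind))
        print(kind, "->", verdict(report), report)
```

Run it on a real file with `scan_ooxml(open(path, "rb").read())`. Because the check is purely static and looks only at `*/embeddings/*` parts, a sample that stores its INF elsewhere or obfuscates it will not trigger; treat a hit as grounds for sandboxing the document, not as a clean bill of health when absent.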

CVE-2014-4114 was disclosed on 2014-10-14 by iSIGHT, which published an excellent analysis report, "iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign"; the researchers named the campaign Sandworm. It has been reported that attack samples exploiting the vulnerability were first found in September of this year, used in APT emails against the Ukrainian government, and later also in attacks on the North Atlantic Treaty Organization and some organizations in the United States. Last week Microsoft released the security update MS14-060; essentially any Windows system with Office 2007 or 2013 installed is at risk. Since Microsoft shipped the patch on the 14th, attackers have begun using the vulnerability on a large scale in crimeware to squeeze out its remaining value. In Europe, CVE-2014-4114 has been found built into the BlackEnergy malware.
