At the beginning of 2015, Adobe Flash was hit by a series of 0-day vulnerabilities that were exploited on a large scale before patches were available. Recently, while tracking these Adobe 0-day vulnerabilities, Trend Micro security researchers found that the BEDEP malware family is closely tied to the Adobe Flash 0-day vulnerabilities.

BEDEP malware used repeatedly

Flash 0-day vulnerabilities have been used more than once with BEDEP malware as the attack payload. At the end of January we found a Flash 0-day vulnerability that was being used to download BEDEP malware onto infected computers for a deeper compromise. A more recent vulnerability (CVE-2015-0313) also delivers the BEDEP malware.

Infection process


According to our analysis, the infection process starts with malicious advertisements placed on certain websites. Normally a user would only be infected after clicking a malicious ad. In this case, however, the user does not need to do anything, because the site itself has been compromised and made to serve the Trojan (a drive-by download).

Once the user visits the website, the malicious ad automatically redirects them to a "Hanjuan exploit kit" page. This page runs the Flash 0-day exploit (SWF_EXPLOIT.MJST), then downloads and executes two encoded attack payloads: BKDR64_BEDEP.E and TROJ64_BEDEP.B.

FreeBuf note: encoding the payload is a common way to evade detection; an encoded payload is hard to detect or scan while it is in transit at the network layer.
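The chain described above (Flash object loaded from an exploit-kit page, followed by two encoded binaries) leaves a recognisable pattern in proxy logs even when the payload bytes themselves are opaque. The following detector is an added example, not code from the original article or from Trend Micro: it runs over constructed proxy log lines (all hosts, paths and body bytes are made up) and flags a client that loads a .swf and, within a short window, fetches two or more bodies that lack the PE "MZ" magic but have high byte entropy, which is what an encoded payload looks like on the wire. The 60-second window and the entropy threshold are assumptions for the demonstration, not values from the article.

```python
import math
from datetime import datetime, timedelta

ENTROPY_THRESHOLD = 4.0        # bits per byte; on a 32-byte sample the maximum is 5.0 (assumed value)
WINDOW = timedelta(seconds=60)  # how long after the .swf load we look for payload downloads (assumed)

# Constructed proxy log, NOT real traffic. Fields (tab separated):
# timestamp, client IP, host, path, referer, hex of the first body bytes the proxy saw.
SAMPLE_LOG = [
    # client 10.0.0.5: news site -> ad network -> exploit-kit landing page -> .swf -> two encoded blobs
    "2015-02-02T10:00:01\t10.0.0.5\tnews.example.test\t/index.html\t-\t" + "3c68746d6c3e" * 5,
    "2015-02-02T10:00:02\t10.0.0.5\tads.adnet.test\t/banner.js\tnews.example.test\t" + "76617220613d313b" * 4,
    "2015-02-02T10:00:03\t10.0.0.5\tlanding.ek.test\t/gate.php\tads.adnet.test\t" + "3c68746d6c3e" * 5,
    "2015-02-02T10:00:04\t10.0.0.5\tlanding.ek.test\t/flash/x.swf\tlanding.ek.test\t" + "43575308" + "00" * 28,
    "2015-02-02T10:00:05\t10.0.0.5\tlanding.ek.test\t/load/1\tlanding.ek.test\t"
    + "9f3a7c11e84d5b02c6f0aa6e73d91845b2c8e7f64a1d3c9b0e5f8a2d7b6c4e13",
    "2015-02-02T10:00:06\t10.0.0.5\tlanding.ek.test\t/load/2\tlanding.ek.test\t"
    + "2b7e151628aed2a6abf7158809cf4f3c0123456789abcdefa1b2c3d4e5f60718",
    # client 10.0.0.6 (control): a video player .swf followed by a plain PE installer; should not alert
    "2015-02-02T10:00:10\t10.0.0.6\tvideo.example.test\t/player.swf\t-\t" + "43575308" + "00" * 28,
    "2015-02-02T10:00:12\t10.0.0.6\tdownloads.example.test\t/setup.exe\t-\t"
    + "4d5a90000300000004000000ffff0000" + "00" * 16,
]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given sample."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> dict:
    ts, client, host, path, referer, body_hex = line.split("\t")
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "host": host,
        "path": path,
        "referer": referer,
        "body": bytes.fromhex(body_hex),
    }


def is_flash(rec: dict) -> bool:
    # Either the URL says .swf or the body carries a Flash magic (FWS/CWS/ZWS).
    return rec["path"].lower().endswith(".swf") or rec["body"][:3] in (b"FWS", b"CWS", b"ZWS")


def looks_encoded(rec: dict) -> bool:
    """True for a body that is neither a plain PE nor a Flash file but has high entropy."""
    body = rec["body"]
    if body.startswith(b"MZ") or is_flash(rec):
        return False
    return shannon_entropy(body) >= ENTROPY_THRESHOLD


def detect(lines) -> list:
    """Return one alert per .swf load that is followed by >= 2 encoded downloads from the same client."""
    recs = sorted((parse_line(l) for l in lines), key=lambda r: r["ts"])
    alerts = []
    for i, r in enumerate(recs):
        if not is_flash(r):
            continue
        followers = [
            f for f in recs[i + 1:]
            if f["client"] == r["client"] and f["ts"] - r["ts"] <= WINDOW and looks_encoded(f)
        ]
        if len(followers) >= 2:
            alerts.append({
                "client": r["client"],
                "flash_host": r["host"],
                "payloads": [f["host"] + f["path"] for f in followers],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Only the first bytes of each body are used, so the check stays cheap enough to run on a proxy feed; the "MZ" exclusion is there because a plain PE download after a legitimate .swf (the control client) is not the pattern in question, whereas a blob that is neither PE nor Flash nor text, yet fetched twice right after an exploit page, is.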

BEDEP family history

