Incidents

Another Adobe Flash zero-day

Almost exactly one month ago we warned about a zero-day in Flash which was being exploited in targeted attacks. Back then, malicious SWF files were embedded inside Microsoft Excel files. Excel was used strictly as a delivery vehicle.

This month, it’s Microsoft Word’s turn. The malicious .doc referenced by Brian Krebs shares a lot of commonalities with the malicious Excel sheet from last month. So if they aren’t the same gang as before the attackers were at least inspired by this previous incident.

In contrast to last month, there’s no Poison Ivy backdoor installed in this case. This time the attack involves a Backdoor which some vendors refer to as Zolpiq, though most will be calling it something generic.

The way Zolpiq manifests itself on the system is a bit more stealthy than Poison Ivy. This may explain the shift away from the popular Poison Ivy kit. We added detection for this backdoor yesterday, as Trojan-Dropper.Win32.Small.hgt.

Overall, the same comments from last month still stand. If we want to more effectively fight these targeted attacks software vendors need to give us the option to disable features. I don’t want to view embedded Flash files in Word or Excel and neither should you. But other than uninstalling applications there isn’t a choice currently.

Another Adobe Flash zero-day

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox