Iranian Nuclear Program Used As Lure in Flash-Based Targeted Attacks

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/701565/iranian-nuclear-program-used-as-lure-in-flash-based-targeted-attacks

By Lucian Constantin
CSO Online
March 06, 2012

A new targeted email attack is exploiting interest in the Iranian 
nuclear program to trick people into opening booby-trapped Word 
documents that exploit a known Flash Player vulnerability to install 
malware.

"There seems to be a new campaign underway using this new CVE-2012-0754 
exploit," said independent security researcher Mila Parkour in a blog 
post on Monday. The exploit is triggered when Flash Player tries to read 
a maliciously crafted MP4 file.

The rogue emails contain an attachment called "Iran's Oil and Nuclear 
Situation.doc," that has malicious Flash content embedded inside. When 
the Word document is opened, Flash Player tries to download and play a 
malformed MP4 file, which triggers a memory corruption and gives the 
exploit arbitrary code-execution ability on the machine.

The exploit is designed to drop and install a computer Trojan detected 
by some antivirus products as Graftor or Yayih.A, Parkour said. "If you 
are tracking APT [advanced persistent threats], you are likely to 
recognize this trojan."

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.  Get a free live class invite weekly.  Best
program, best price. http://www.ExpandingSecurity.com/PainPill