Cyber espionage campaign against the Uyghur community, targeting MacOSX systems
February 13th, 2013 | Posted by in APT | Attacks | Blog | Code | Exploits | Malware | News
During the last few days, together with our colleagues from Kaspersky Lab, we have been investigating a new strain of spearphishing mails sent to the Uyghur community. You can read their analysis here. The mails contain a Microsoft Office .doc file that exploits MS09-027, affecting Microsoft Office for Mac; this is the same exploit used in other attacks we discovered …

Set up your keylogger to report by email? Bad idea! (The case of Ardamax)
February 11th, 2013 | Posted by in Forensics | Malware | Windows
A couple of days ago, I was surfing our wild Internet when I came across a dirty piece of software dedicated to stealing accounts of a popular build-with-bricks videogame. The program offered a premium account for the videogame for free. The real fact is that it was a stealer, which installs a keylogger on …

Adobe patches two vulnerabilities being exploited in the wild
February 8th, 2013 | Posted by in APT | Attacks | Exploits | Malware
Yesterday, Adobe released a patch for Adobe Flash that fixed a zeroday vulnerability that was being exploited in the wild. According to Adobe, CVE-2013-0633 is being exploited using Microsoft Office files with embedded Flash content delivered via email. They are also aware of CVE-2013-0634 being exploited through web browsers such as Firefox and Safari on MacOSX. FireEye …

Red October – Indicators of Compromise and Mitigation Data
January 21st, 2013 | Posted by in APT | Attacks | Exploits | Malware
Together with our partner, Kaspersky, we’re releasing a whitepaper on the “indicators of compromise” that can be useful to detect and mitigate the threats from Red October. It contains indicators to detect most of the Red October activity in your systems and networks. Inside the whitepaper you will find Snort rules as well as an OpenIOC …

New year, new Java zeroday!
January 10th, 2013 | Posted by in Advisory | Attacks | Exploits
Earlier this morning @Kafeine alerted us about a new Java zeroday being exploited in the wild. With the files we were able to obtain, we reproduced the exploit in a fully patched new installation of Java. As you can see below, we tricked the malicious Java applet into executing calc.exe in our lab. …

