The Latest in IT Security

Flash Exploit Targets Uyghur Website


It seems that the attacks against Uyghur hasn’t stopped. We have recently encountered a compromised Uyghur website that renders a malicious flash exploiting the CVE-2013-0634 vulnerability.

site (472k image)

The flash file contains two DLL files each embedded with EXE binaries. One DLL is for 32-bit systems, while the other appears to be for 64-bit systems.

hiew (75k image)

The executable binaries are also digitally signed with different certificates.

cert (116k image)

The sample signed with the invalid certificate from MGAME Corp. was the same one analyzed by FireEye more than a month ago. The other binary queries for updates.

Similar samples of these threats were also seen used in Tibetan targeted attacks.

Related samples:
977bb28702256d7691c2c427600841c3c68c0152 – Exploit:SWF/Salama.B
82b99d5872b6b5340f2c8c0877d6862a6b1f6076 – Trojan.Agent.AYYE
040069e5ecf1110f6634961b349938682fee2a22 – Trojan.Generic.8698229
35161bd83cbfe216a03d79e3f5efea34b62439a6 – Trojan:W32/Agent.DUJV
ce54a99d0a29c945958228ae7d755519dee88c11 – Trojan.Agent.AYAF

Post by Karmina and @Timo

Leave a reply


FRIDAY, JULY 10, 2020

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments