The Latest in IT Security

North Korea Rocket Launch Used As Backdoor Lure

26 Apr 2012

Using global political news as a social engineering hook is a popular cybercrime technique for luring users into malicious schemes. We have recently found a malicious file leveraging a noteworthy incident, one that leads to systems being infected with a backdoor.

During the second week of April, the most talked about news was North Korea’s failed attempt to launch a rocket. As expected, the bad guys are on the prowl for the next social engineering bait, and this news item was found to be the fitting choice.

The file we found was named North Korea satellite launch eclipses that of Iran.doc. The file, detected as TROJ_ARTIEF.DOC, may arrive as an attachment to an email message. Once opened, this Trojan exploits the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) to drop the backdoor BKDR_POISON.DOC onto the system.
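A defender-side triage check for the attachment type described above, added here as an example and not part of the original post or of Trend Micro's products: it flags a file that carries a .doc name but is really RTF, and looks for the pFragments shape property with an unusually long value, which is the RTF construct that CVE-2010-3333 (MS10-087) parses unsafely. The sample bytes are constructed, and the length threshold is an assumed heuristic.

```python
import re

RTF_MAGIC = b"{\\rtf"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File header of a binary .doc
# Assumed threshold: legitimate pFragments values are a few bytes; documents abusing
# the CVE-2010-3333 parser bug carry hundreds or thousands of hex digits.
MAX_BENIGN_SV_LEN = 64

# {\sn pFragments}{\sv <value>}  -- capture the property value for a length check
PFRAG_SV_RE = re.compile(rb"\\sn\s*pFragments\s*\}\s*\{\\sv\s*([^}]*)\}", re.IGNORECASE)

# Constructed samples (not real malware): an RTF body with an overlong pFragments
# value, a benign RTF memo, and a benign OLE-format .doc header.
SAMPLE_EXPLOIT = (b"{\\rtf1\\ansi{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}{\\sv 1;1;"
                  + b"11110000" * 40 + b"}}}}}")
BENIGN_RTF = b"{\\rtf1\\ansi Quarterly memo: nothing to see here.}"
BENIGN_OLE = OLE_MAGIC + b"\x00" * 16


def is_rtf(data: bytes) -> bool:
    """Word opens a file as RTF by content, whatever its extension says."""
    return data.lstrip().lower().startswith(RTF_MAGIC)


def is_ole(data: bytes) -> bool:
    return data.startswith(OLE_MAGIC)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return format, a list of findings, and whether the attachment looks suspicious."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    rtf = is_rtf(data)
    if ext == "doc" and rtf:
        findings.append("name says .doc but content is RTF")
    if rtf:
        for m in PFRAG_SV_RE.finditer(data):
            sv_len = len(m.group(1).strip())
            if sv_len > MAX_BENIGN_SV_LEN:
                findings.append(f"pFragments value of {sv_len} bytes (CVE-2010-3333 pattern)")
    fmt = "rtf" if rtf else ("ole" if is_ole(data) else "unknown")
    return {"format": fmt, "findings": findings, "suspicious": bool(findings)}
```

Run over a mail gateway's quarantined attachments, the two findings together are a strong hint that a .doc lure deserves sandboxing before delivery.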

This particular backdoor is able to execute some interesting routines. Based on our analysis, it communicates with a command and control server on TCP port 443. The remote user may then instruct the backdoor to perform several commands, including screen capture, webcam capture and audio recording. This routine enables a remote attacker to monitor users’ activities on the infected system.

This attack is reminiscent of similar cases we’ve reported in the past, wherein cybercriminals send messages with attachments bearing important-looking file names, which turn out to be malware that exploits particular vulnerabilities.

Trend Micro protects users from this attack via products powered by the Trend Micro™ Smart Protection Network™. Moreover, Trend Micro Deep Security and Intrusion Defense Firewall prevent the exploit targeting CVE-2010-3333 via rule 1004498 – Word RTF File Parsing Stack Buffer Overflow Vulnerability.

With additional input from Nart Villeneuve
