Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks. In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (MD5: 35f1572eb7759cb7a66ca459c093e8a1 – ‘NewsFinder.jar’), known as the […]
Unlike humans, who usually need a nap after a big Thanksgiving Day feast, our automated modules keep working away. Either that, or malware has zero calories so WebPulse stays hungry… 😉 As I tweeted (@bc_malware_guy) on Saturday, our logs show another “Fake Foto” attack targeting Facebook users, beginning late Friday night (22:43:54 UTC in our […]
We discussed much of the unfolding Duqu attack in our previous post. Some new light has recently illuminated some missing pieces to this interesting attack. Researchers at CrySys Labs in Hungary have disclosed information about a Word document that is purported to be the installer file for the Duqu attacks. The document loads a kernel […]
Latest Comments