By now you have probably heard of the new zero-day exploit in Adobe Flash that was patched today. FireEye Labs identified the exploit in the wild on 02/05/2013, which, based on the compile time and document creation time, is the same day the malicious payload was generated. Adobe PSIRT has released information about this threat here. They have also released an advisory with details on the versions and platforms affected, along with the applicable patches. The two exploits have been assigned CVE-2013-0633 and CVE-2013-0634. It is highly recommended that you apply this patch right away, as this threat is active in the wild.
We will examine the payload executed as part of this threat in the wild. We have identified two unique Word files containing CVE-2013-0633 so far. It is interesting to note that even though the contents of the Word files are in English, the code page of the Word files is "Windows Simplified Chinese (PRC, Singapore)". The Word files contain a macro to load an embedded SWF Flash object.
The SWF file contains an ActionScript named “LadyBoyle” that contains the exploit code. The exploit supports only limited versions of Flash, as is evident in the ActionScript seen in Figure 1. It also checks for
Read more: http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html