It seems that attacks against Uyghurs haven't stopped. We have recently encountered a compromised Uyghur website that renders a malicious Flash file exploiting the CVE-2013-0634 vulnerability.
The Flash file contains two DLL files, each with an embedded EXE binary. One DLL is for 32-bit systems, while the other appears to be for 64-bit systems.
The executable binaries are also digitally signed with different certificates.
The sample signed with the invalid certificate from MGAME Corp. was the same one analyzed by FireEye more than a month ago. The other binary queries blog.sina.com.cn for updates.
Similar samples of these threats were also seen used in Tibetan targeted attacks.
Related samples:
• 977bb28702256d7691c2c427600841c3c68c0152 – Exploit:SWF/Salama.B
• 82b99d5872b6b5340f2c8c0877d6862a6b1f6076 – Trojan.Agent.AYYE
• 040069e5ecf1110f6634961b349938682fee2a22 – Trojan.Generic.8698229
• 35161bd83cbfe216a03d79e3f5efea34b62439a6 – Trojan:W32/Agent.DUJV
• ce54a99d0a29c945958228ae7d755519dee88c11 – Trojan.Agent.AYAF
Post by — Karmina and @Timo
On 13/03/13 At 06:47 PM