    TrendLabs Security Intelligence Blog

    Archive for April 16th, 2012




    Days after Microsoft released six bulletins, we have now spotted a number of Trojanized RTF files circulating in the wild. These files exploit CVE-2012-0158, which is covered by MS12-027. That bulletin affects a number of Microsoft programs, particularly versions of MS Office, Visual FoxPro, Commerce Server, BizTalk Server, as well as SQL Server.

    We spotted a Trojanized RTF file that came in the following email message as an attachment:

    The email again contains pro-Tibetan sentiments and was sent to a public Tibetan NGO email address that we have also seen targeted in the past. Again, the email claims to come from a public Tibetan figure.

    The attached RTF file, Inside Information.doc, detected as TROJ_MDROP.GDL, has an embedded EXE file (encrypted) and an embedded decoy DOC file (also encrypted). The dropped EXE payload, detected as TSPY_GEDDEL.EVL, drops and installs a file named fxsst.dll, which is also detected as TSPY_GEDDEL.EVL. Outbound connections are then seen to hosts whose NS records point to China.
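A triage check for the kind of attachment described above: RTF content delivered under a .doc name that carries embedded object data. This is an added example, not Trend Micro's detection logic; the function names and the constructed sample bytes are assumptions, and the checks flag candidates for analysis rather than identify TROJ_MDROP.GDL.

```python
import binascii
import re

RTF_MAGIC = b"{\\rt"  # match the prefix only, so a slightly malformed header is not missed
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")  # hex payload of an embedded object


def triage(filename: str, data: bytes) -> dict:
    """Return weak-to-strong indicators for a mail attachment (hypothetical helper)."""
    is_rtf = data.lstrip()[:4] == RTF_MAGIC
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = {
        "is_rtf": is_rtf,
        # Weak signal on its own: Word opens RTF saved as .doc, and benign files do this too.
        "extension_mismatch": is_rtf and ext != "rtf",
        "objdata_blobs": 0,
        "ole_in_objdata": False,
    }
    if not is_rtf:
        return findings
    for match in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        hexstr = hexstr[: len(hexstr) & ~1]  # drop a dangling nibble before decoding
        if not hexstr:
            continue
        blob = binascii.unhexlify(hexstr)
        findings["objdata_blobs"] += 1
        if OLE_MAGIC in blob:
            findings["ole_in_objdata"] = True  # stronger signal: embedded OLE object
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: an OLE signature plus padding, no real object."""
    fake_ole = OLE_MAGIC + b"\x00" * 8
    hexdata = binascii.hexlify(b"\x01\x05\x00\x00" + fake_ole)
    return b"{\\rtf1\\ansi{\\object\\objocx{\\*\\objdata " + hexdata + b"}}Decoy text}"


if __name__ == "__main__":
    # The file name is the one reported in the post; the bytes are constructed.
    print(triage("Inside Information.doc", build_sample()))
```

Real samples often obfuscate the hex stream, so a miss from this check is not a clean verdict.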
