Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    April 2012
    S M T W T F S
    « Mar   May »
  • Email Subscription

  • About Us

    Archive for April 16th, 2012

    Days after Microsoft released six bulletins, we now have just spotted a number of Trojanized RTF files circulating in-the-wild. The said files are exploiting CVE-2012-0158, which is included in MS12-027. That particular bulletin affects a number of Microsoft programs, particularly versions of MS Office, Visual FoxPro, Commerce Server, BizTalk Server, as well as SQL Server.

    We spotted a Trojanized RTF file that came in the following email message as an attachment:

    The email again containing Pro-Tibetan sentiments and sent to a public Tibetan NGO email address that we have also seen being targeted in the past. Again, the said email claims to be coming from a public Tibetan figure.

    The attachment RTF file Inside Information.doc, detected as TROJ_MDROP.GDL, has an embedded EXE file (encrypted) and an embedded decoy DOC file (also encrypted). The dropped EXE payload, detected as TSPY_GEDDEL.EVL, drops and installs a file named fxsst.dll also detected as TSPY_GEDDEL.EVL. Outbound connections are then seen to hosts whose NS record point to China.

    Read the rest of this entry »



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice