Last June 13, Microsoft released its security update for Cumulative Security Update for Internet Explorer (2699988) (CVE-2012-1875), which is exploited by a malware detected by Trend Micro as JS_DLOADER.SMGA. The attack code for this vulnerability has also been made public. There are few cases where that attack code is released simultaneously with Microsoft’s security update. In general, malware exploiting such vulnerabilities don’t show up quickly. Since the affected software is Internet Explorer, this attack has significant impact among millions of IE8 users.
By exploiting CVE-2012-1875, JS_DLOADER.SMGA poses a bigger threat to users as it also downloads the backdoor BKDR_AGENT.BCSG, disguised as a .JPG file. This backdoor is capable of communicating with a command-and-control (C&C) server via port 80. In effect, this communication compromises an infected system’s security, making it exposed to further infection.