TrendLabs Malware Blog - Trend Micro

Once again, cybercriminals are taking advantage of the holidays in what seems to be a targeted attack against businesses and government organizations. We spotted samples that bore the filename PROPOSED CHRISTMAS PARTY 2012.doc. Trend Micro detects this as TROJ_ARTIEF.RTN. When executed, this malware drops a file (temp.doc) that acts as a decoy to trick recipients into thinking this is a legitimate document. The document we spotted appears to be an invitation to a certain government office's upcoming Christmas party.

Moreover, TROJ_ARTIEF.RTN takes advantage of MS12-027 (Vulnerability in Windows Common Controls Could Allow Remote Code Execution, 2664258) to drop a backdoor which we detect as BKDR_GAMFRIC.A. Once run on the infected system, BKDR_GAMFRIC.A connects to its C&C server, http://{BLOCKED}. It also executes the following commands, which can compromise system security:

• Download and execute arbitrary files
• Get network information
• Get username/computer name
• Get OS information
• Get running processes
• Get installed applications
• Perform shell commands

This backdoor also checks which web browser is in use and creates a hidden process in order to inject its malicious code. We speculate that this attack uses email messages as its delivery mechanism in order to penetrate the network of the targeted entity. In our primer, Covert Arrivals: Email's Role in APT Campaigns, we discussed how threat actors use email as one of the entry points for APTs and targeted attacks. These email messages use social engineering techniques to trick users; in this case, the cybercriminals used Christmas and annual Christmas parties as the lure. We're currently monitoring this threat for any developments.
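A defender-side triage check for lure documents like the one described above, added here as an example; it is not part of the original post or of Trend Micro's tooling. It assumes, as the ARTIEF detection name suggests, that the sample is an RTF file carrying an embedded OLE object despite its .doc extension; the sample bytes below are constructed for illustration, not taken from the real file.

```python
import binascii
import re

RTF_MAGIC = b"{\\rtf"                                   # RTF files begin with {\rtf
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"         # OLE compound file header


def detect_container(data: bytes) -> str:
    """Classify a document by its leading bytes, not by its filename extension."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE_MAGIC):
        return "ole"
    return "unknown"


def extract_objdata(data: bytes) -> list:
    """Decode the hex payload of every \\objdata control word (embedded objects) in an RTF body."""
    payloads = []
    for m in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", data):
        hexstr = re.sub(rb"\s", b"", m.group(1))
        if len(hexstr) % 2:           # tolerate a truncated trailing nibble
            hexstr = hexstr[:-1]
        payloads.append(binascii.unhexlify(hexstr))
    return payloads


def triage(filename: str, data: bytes) -> dict:
    """Flag extension/content mismatches and embedded OLE objects, the two traits of the lure."""
    container = detect_container(data)
    findings = []
    if filename.lower().endswith(".doc") and container == "rtf":
        findings.append("extension claims Word binary but content is RTF")
    objects = extract_objdata(data) if container == "rtf" else []
    for i, obj in enumerate(objects):
        if OLE_MAGIC in obj:
            findings.append(f"\\objdata #{i} carries an OLE compound document")
    return {"container": container, "objects": len(objects), "findings": findings}


# Constructed sample: an RTF body with one embedded OLE object, named like the lure.
SAMPLE_NAME = "PROPOSED CHRISTMAS PARTY 2012.doc"
SAMPLE = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 01050000020000000a000000"
          + binascii.hexlify(OLE_MAGIC) + b"0000 }}\\par }")

if __name__ == "__main__":
    print(triage(SAMPLE_NAME, SAMPLE))
```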

In the past, we reported various incidents that leveraged the holidays, as seen in the following posts:

Trend Micro protects users from this attack via its Smart Protection Network, which detects the malicious files.



© Copyright 2013 Trend Micro Inc. All rights reserved.