
    We were alerted to reports of an exploit targeting CVE-2012-1535, a vulnerability in Adobe Flash Player, to drop a backdoor onto the vulnerable system.

    The exploit masquerades as a .DOC file (detected as TROJ_MDROP.EVL) that possibly arrives as an attachment to email messages. Users who are tricked into opening the file actually execute the exploit. Once the exploit is successful, it drops the files %User Profile%\Application Data\taskman.dll and %User Profile%\Local Settings\~WORDL.tmp, which are detected by Trend Micro as BKDR_BRIBA.EVL. The backdoor attempts to connect to http://publicnews.{BLOCKED}, possibly to download another file. However, the URL is inaccessible as of this writing.

    Affected Adobe Flash Player versions include 11.3.300.270 and earlier versions for Windows, Mac, and Linux OS. Android OS users need not worry as they are not affected by this vulnerability.

    Trend Micro Smart Protection Network™ detects and deletes all malware related to this attack. It also blocks connections to the related URLs that both malware access. Deep Security users are protected via the following rules:

    • 1004114 – Identified Malicious Adobe SWF File
    • 1004647 – Restrict Microsoft Office File With Embedded SWF
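
Rule 1004647 restricts Office files that carry an embedded SWF. The triage check below is an added example, not Trend Micro's code or rule logic: it looks for a structurally valid Flash header inside an OLE2 document. It assumes the Flash object is stored contiguously in the file; all function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file (.doc) header
SWF_SIGS = (b"FWS", b"CWS")                    # uncompressed / zlib-compressed SWF
MAX_SWF_LEN = 64 * 1024 * 1024                 # assumed sanity cap on declared size


def _body_ok(sig, body, length):
    """Check the declared (uncompressed) file length against the bytes that follow."""
    if not 8 < length <= MAX_SWF_LEN:
        return False
    if sig == b"FWS":
        return len(body) >= length - 8
    try:
        # Output is capped one byte past the expected size, so an oversized or
        # hostile stream is rejected without being fully inflated.
        out = zlib.decompressobj().decompress(body, length - 7)
    except zlib.error:
        return False
    return len(out) == length - 8


def find_embedded_swf(data, max_version=40):
    """Return (offset, signature, version, declared_length) per plausible SWF."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                if 1 <= version <= max_version and _body_ok(sig, data[pos + 8:], length):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def scan_document(data):
    """Flag OLE2 documents that contain at least one embedded SWF."""
    is_ole = data.startswith(OLE_MAGIC)
    hits = find_embedded_swf(data)
    return {"is_ole": is_ole, "swf": hits, "suspicious": is_ole and bool(hits)}


# Constructed sample: OLE magic, padding, then a tiny stand-in CWS object.
_BODY = bytes(32)
SAMPLE = (OLE_MAGIC + bytes(504) + b"CWS" + bytes([11])
          + struct.pack("<I", 8 + len(_BODY)) + zlib.compress(_BODY) + b"tail")
```

A hit means the document deserves closer inspection, not that it exploits CVE-2012-1535; a clean result is not conclusive either, because an OLE stream can be split across non-adjacent sectors.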

    Whenever possible, immediately apply the latest security update released by Adobe. Users should also refrain from opening email messages and downloading attachments coming from unknown sources.

    Update as of August 17, 2012 6:36 AM PST

    Additional Deep Security rules have been issued for customers. Apply the following rules to protect your network against this exploit:

    • 1005154 – Adobe Flash Player Remote Code Execution Vulnerability
    • 1005155 – Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535)
