    Here is yet another case of Patch Tuesday/Exploit Wednesday. While the bounty hunt for software vulnerabilities is still very much an active industry, malware authors have been seen to watch for (and ultimately prey on) vulnerabilities disclosed by legitimate software vendors. This isn’t as irrational as it looks; malware authors are not looking for massive hits, just the many users who do not take enough care to download and install software patches.

    A few days after the regular Patch Tuesday last April 8, our researchers were alerted to an exploit-backdoor tandem that specifically takes advantage of the vulnerability discussed in Microsoft Security Bulletin MS08-021 (classified as critical). This vulnerability refers to the way the Graphical Device Interface (GDI) available in Windows operating systems treats information. Exploitation of this vulnerability allows an attacker to take full control of a computer system.

    A file named TOP.JPG has been found to successfully use this flaw. It was found hosted on sites, and arrives on a system as an executable which is now detected as EXPL_NEVAR.B. Its specific routine connects to a URL to download a file named WORD.GIF (which is also detected by Trend Micro, as BKDR_POISONIV.QI). Backdoors silently perform commands on the compromised computer without the user knowing it.
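
    Both files above carry image extensions that do not describe their content, which a defender can check by comparing each file's leading bytes against its name. The following is an added example, not code from Trend Micro: the sample byte strings are constructed headers only, the PE content of TOP.JPG and WORD.GIF is an assumption based on the description above, and the EMF and WMF signatures are included because those are metafile formats that GDI renders.

```python
import os

# Leading-byte signatures for the types this check distinguishes.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("pe-executable", b"MZ"),
    ("wmf", b"\xd7\xcd\xc6\x9a"),  # placeable WMF header
]
# Extension -> type the content is expected to be.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}

def sniff(data: bytes) -> str:
    """Return the type indicated by the file's leading bytes."""
    for kind, magic in SIGNATURES:
        if data.startswith(magic):
            return kind
    # EMF: first record type is 1 and the header carries " EMF" at offset 40.
    if data[:4] == b"\x01\x00\x00\x00" and data[40:44] == b" EMF":
        return "emf"
    return "unknown"

def mismatches(files):
    """Return (name, expected, actual) for image-named files with other content."""
    out = []
    for name, data in files:
        ext = os.path.splitext(name.lower())[1]
        expected = EXPECTED.get(ext)
        if expected is None:
            continue  # not named as an image; out of scope for this check
        actual = sniff(data)
        if actual != expected:
            out.append((name, expected, actual))
    return out

# Constructed sample data: header bytes only, no real file contents.
SAMPLES = [
    ("TOP.JPG", b"MZ\x90\x00" + b"\x00" * 60),
    ("WORD.GIF", b"MZ\x90\x00" + b"\x00" * 60),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("chart.gif", b"\x01\x00\x00\x00" + b"\x00" * 36 + b" EMF" + b"\x00" * 44),
    ("logo.gif", b"GIF89a\x01\x00\x01\x00"),
]

if __name__ == "__main__":
    for name, expected, actual in mismatches(SAMPLES):
        print(f"{name}: named as {expected}, content is {actual}")
```

    The same comparison can run at a web proxy or mail gateway, where a response named as an image but carrying executable or metafile content is worth logging before it reaches an unpatched host.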

    Users should update applications and operating systems the moment patches are available.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice