Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Trend Micro has acquired samples of an exploit targeting the recent zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges.

    We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in May of this year. This vulnerability is used in tandem with the Windows zero-day vulnerability  (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server.

    This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.

    Users with systems running on later versions of Windows are not affected by this threat. Trend Micro protects users from this threat by detecting and deleting all related malware. We will provide further information about this vulnerability at a later time.

    Update as of 9:00 AM, PST November 29, 2013

    Trend Micro Deep Security protects users from threats exploiting the vulnerabilities cited in this entry via the following rules:

    • 1005801 – Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2013-5065)
    • 1005798 – Adobe Acrobat And Reader ToolButton Remote Code Execution Vulnerability (CVE-2013-3346)




    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice