    Adobe has issued security advisory APSA10-03, which describes a new critical vulnerability in its products. This time, the primary target is Flash Player on multiple platforms (Windows, Mac, Linux, Solaris, and Android are all affected), and the vulnerability is currently being exploited in the wild. Current versions of Acrobat and Reader, the target of last week’s vulnerability, are also affected, although Adobe states that in-the-wild attacks against these have not yet been seen.

    Trend Micro detects malicious Shockwave Flash (.SWF) files exploiting this vulnerability as TROJ_SWIF.HEL. This functions as a downloader that retrieves malware from other sites. It connects to certain URLs that lead to files detected as BKDR_POISON.AKD, which in turn connect to a remote machine somewhere in Korea. BKDR_POISON variants typically open a hidden Internet Explorer browser to connect using certain ports.

    Interestingly, TROJ_SWIF.HEL also displays an image of a waterfall via a second embedded .SWF file, which is possibly used to trick users into thinking that they’ve opened a normal .PDF file.

    Adobe has also stated when fixes for this vulnerability and last week’s will be released. Flash Player will receive an update during the week of September 27. Acrobat and Reader will receive fixes during the week of October 4.

    Until the patches are released, Trend Micro offers protection against this flaw for enterprise users of Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plug-in, which has rule 1004403 (Adobe Flash Player Remote Code Execution) to block attacks against this new vulnerability.

    Update as of September 16, 2010 5:42 a.m. UTC

    We’ve found new malware that also exploits this vulnerability, and it is now detected as TROJ_SWIF.HEI.

    Update as of September 20, 2010 7:17 a.m. UTC

    TROJ_SWIF.HEL and TROJ_SWIF.HEI have been renamed to SWF_DLOADR.APP and SWF_TOOBERR.A respectively.

    Update as of September 21, 2010 9:00 a.m. UTC

    Adobe has issued security updates for Flash Player that resolve this issue.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice