Security Report: Most Common Exploit

Wednesday, June 25, 2014 @ 11:06 AM gHale


A remote code execution vulnerability discovered in April 2012 was the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.

The vulnerability – CVE-2012-0158 – impacts Windows common controls, said Christopher Budd, threat communications manager for Trend Micro. The patch went out more than two years ago. The hole affects a range of products, most notably Office.

RELATED STORIES
BYOD Use Surging; Policy Usage Weak
Breaches Continue Upward Trend
Attackers Exploit Privileged Accounts
Cloud Breach: Cost 3 Times Higher

The flaw was in 76 percent of targeted attacks in the back half of 2013, said Maersk Menrige, a threats analyst with Trend Micro in a blog post. The runner-up, CVE-2010-3333, a stack-based buffer overflow vulnerability in versions of Office, was in only 10 percent of targeted attacks.

Trend Micro researchers just saw the vulnerability in use in a targeted phishing attack using emails with the subject, “BREAKING: Plane Crash in Laos Kills Top Government Officials,” according to the post.

“The email attachments comprised of two legitimate JPG files and an archive file, which in some cases contain TROJ_MDROP.TRX,” Menrige said. “Once [the CVE-2012-0158 vulnerability is] exploited, it drops a backdoor detected as a BKDR_FARFLI variant.”

The backdoor executes commands to steal information, including processor and system architecture information, computer names and usernames, network information and proxy settings, Menrige said, adding it also communicates with a command-and-control server located in Hong Kong.



Leave a Reply

You must be logged in to post a comment.