We have reported on the recent cyberattacks, but missed this one, so here is an addendum to yesterday’s story:
Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.
Only a few words are needed here: do not click on these ads, as they may lead to exploits that install malware/viruses.
Most malware analysis these days focuses on Windows machines. However, trojans are becoming more interesting: the hackers who create them want backdoor access to any machine, whatever it runs.
Trojan malware has stepped up its game. Hackers want more access, so trojans are now being built to target multiple platforms. Imagine a single trojan whose payload targets Windows, Mac, and Linux.
This follows the recent discovery of such multi-platform malware on a Colombian transport site. A JAR (Java archive) detects which OS the user is running, and the trojan built for that specific OS is then delivered. Of course, this is all too similar to the Boonana worm, or to the first cross-platform worm, BadBunny. Yeah, not so dumb now.
Keep an eye out, or an ear open, for the latest in multi-platform malware. Predictions show that this will be an ongoing problem. Good thing we’ve nipped it in the bud. But, of course, studying all of the latest new threats is a key focus here at seCURE Connexion.
One of the main things we now look for in malware is whether or not it is multi-platform. If it behaves differently on different platforms, we want to discover it.
Also, keep in mind that this is also a way to exploit Java: it is used to gain temporary access to the operating system in question, and permanent access is then gained by infecting the system. It is an exploit-in-depth process that makes sure each exploit is targeted at the platform in question.
Web-based malware is also increasing, and languages and platforms like Ruby, Java, and Flash are all at risk. Because they are web-facing, they need to be watched for vulnerabilities much more closely than basic software languages such as C++, C#, Delphi, etc.
What is even more interesting is the set of factors it uses to infect the system. Exploit traps work best when they evade antivirus programs, know which platform they are running on, and confirm that the vulnerability needed to conduct the exploit exists. This is what we call “exploit-in-depth” (EID).
How can we counter EID? By applying defense-in-depth controls to our computers. No matter which OS you run, malware will be lurking.
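As an added illustration (not code from this post), here is a heuristic scan that flags a JAR for closer analysis when its classes probe the host OS and reference several platforms, the dropper pattern described above. The sample JAR, its class bytes and payload names are all constructed inline; the marker strings are our assumptions, not signatures from the incident.

```python
import io
import zipfile

# A Java dropper that branches on the host OS normally reads the os.name
# property. Heuristic only: a hit means "look closer", not "malicious".
OS_PROBE = b"os.name"
PLATFORM_MARKERS = {
    "windows": (b"windows",),
    "mac": (b"mac os", b"darwin"),
    "linux": (b"linux",),
}
# Native payload extensions a multi-platform dropper commonly bundles.
PAYLOAD_SUFFIXES = (".exe", ".dll", ".dylib", ".so", ".sh")


def scan_jar(data):
    """Return which platforms a JAR appears to target and any bundled native payloads."""
    platforms = set()
    payloads = []
    probes_os = False
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            lower = name.lower()
            if lower.endswith(PAYLOAD_SUFFIXES):
                payloads.append(name)
            if not lower.endswith(".class"):
                continue
            # Class files keep string constants in clear text, so a byte search is enough.
            blob = jar.read(name).lower()
            if OS_PROBE in blob:
                probes_os = True
            for platform, markers in PLATFORM_MARKERS.items():
                if any(m in blob for m in markers):
                    platforms.add(platform)
    multi = probes_os and len(platforms) >= 2
    return {"probes_os": probes_os, "platforms": sorted(platforms),
            "payloads": sorted(payloads), "multi_platform": multi}


def build_sample_jar(probe_os=True):
    """Constructed sample JAR: a fake class with OS strings plus two placeholder payloads."""
    strings = b" windows mac os x linux"
    if probe_os:
        strings = b" os.name" + strings
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + strings)  # constructed bytes
        jar.writestr("res/update.exe", b"MZ constructed placeholder")
        jar.writestr("res/update.sh", b"#!/bin/sh\necho constructed placeholder\n")
    return buf.getvalue()
```

A JAR that names several platforms but never reads os.name (for example a cross-platform GUI library) is not flagged, which keeps the false-positive rate down on ordinary applets.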
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
An unpatched, critical security vulnerability in Microsoft XML Core Services is being actively exploited by attackers.
Simply visiting a malicious website on a vulnerable machine is enough for the computer to become infected.
Here are the key points about this bug:
- Web-based attack scenario: users have to be led to the malicious site through a specially crafted link (in an email message, instant message, etc.) for the vulnerability to be exploited.
- If the attacker successfully exploits this flaw and gets onto the victim’s machine, the malware obtains the same user rights as the currently logged-in user. The type of account (limited or administrator) therefore determines what the malware is able to do.
CVE entry: CVE-2012-1889
Microsoft KB entry: KB2719615
A temporary fix is in place by Microsoft: Fix-It – Please secure your system now! The final fix is being developed by Microsoft.
- Microsoft XML vulnerability under active exploitation (googleonlinesecurity.blogspot.com)
- IE remote code execution vulnerability being actively exploited in the wild (nakedsecurity.sophos.com)
You may want to consider purchasing Malwarebytes’ Anti-Malware to protect against these types of threats.