Security Protection – Harry Waldron MVP

Christmas 2012 – Malicious Word document circulated in targeted email

Trend Labs warns of a malicious Word document circulating in targeted attacks

http://blog.trendmicro.com/trendlabs-security-intelligence/christmas-themed-malware-starts-to-jingle-all-the-way/

QUOTE: Once again cybercriminals take advantage of the holidays in what seems like a targeted attack against businesses and government organizations. We spotted samples that bore the filename PROPOSED CHRISTMAS PARTY 2012.doc. Trend Micro detects this as TROJ_ARTIEF.RTN. When executed, this malware drops a file (temp.doc) that acts as a decoy to trick recipients into thinking this is a legitimate document. In the document file we spotted, it looks like a supposed invitation to a certain government office’s upcoming Christmas party. Moreover, TROJ_ARTIEF.RTN takes advantage of (MS12-027) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) to drop a backdoor which we detect as BKDR_GAMFRIC.A. This backdoor also checks what web browser is used, and creates a hidden process in order to inject its malicious code. We speculate that this attack uses an email message as the delivery mechanism in order to penetrate the network of the targeted entity.
