Thursday, February 28, 2013

MiniDuke hackers zero in on European governments using Adobe flaw


Legitimate-looking PDF files carrying a sophisticated piece of malware were used to attack governments across Europe, as well as a few U.S. organizations, through a flaw in Adobe's software. It is not known what the attackers were after, but the campaign underlines the need for individuals and agencies to apply the latest security patches as soon as they are available.

A highly customizable piece of malware that exploits a recently disclosed flaw in Adobe software has been used to attack governments and agencies around the world, security firm Kaspersky Lab announced on Wednesday.

Kaspersky counted 59 victims in 23 countries, among them government agencies in Ireland, Belgium, Portugal, Ukraine, the Czech Republic and Hungary, as well as a research foundation in Hungary. A think tank, a research institution and a health care provider in the United States had also been targeted.

The attacks on the Adobe flaw first came to the attention of security firm FireEye, which discovered them earlier this month. The malware, dubbed MiniDuke, connects to servers in Panama and Turkey. The attacks are still ongoing, but Adobe has released two sets of security updates, on February 20 and on Tuesday, that patch the flaw.

How MiniDuke works

The attackers crafted well-designed PDF files that purport to contain information on a human rights seminar, on NATO membership plans and on Ukraine's foreign policy, Kaspersky said. The files exploit Adobe Reader versions 9, 10 and 11, bypassing the application's sandbox.

When a victim opens one of the malicious PDFs, a 20 KB downloader is dropped onto the PC. This custom downloader is written in assembler and contains a backdoor. Once on the PC, it runs a set of mathematical calculations to derive a unique fingerprint of the computer, which is then used in its subsequent communications.

If the target system meets a set of predefined requirements, the malware logs on to Twitter, without the PC owner's knowledge, and looks for specific tweets posted by accounts that the operators of the command-and-control infrastructure have set up.

Those tweets carry a tag that the backdoor watches for, along with encrypted URLs. The URLs point to command-and-control servers, which supply commands and deliver additional backdoors encrypted inside GIF files. On the victim's PC these files appear to be ordinary images.

This gives the operators a persistent channel through which further commands, backdoors or other malware code can be retrieved as needed.

Once these additional backdoors have been downloaded to a victim's PC, a larger backdoor can copy, move and delete files, create directories, and download and execute new malware and other tools.
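The backdoors described above travel inside files that look like ordinary GIF images. One practical way to hunt for such carriers is to parse a GIF's block structure, locate its trailer and check whether a sizeable high-entropy blob follows it. The code below is an added example written for this page; it is not MiniDuke code, and the layout it looks for (an encrypted payload appended after the GIF trailer) is an assumption, since the page does not describe the actual carrier format. The sample image and the payload are constructed inline.

```python
"""Hunt for GIF files that carry a hidden blob after the GIF trailer.

Added example, not code from the original article or from MiniDuke. The
"payload appended after the trailer" layout is an assumption made to
illustrate the technique; real carriers may hide data elsewhere.
"""
import hashlib
import math

GIF_HEADERS = (b"GIF87a", b"GIF89a")
IMAGE_SEPARATOR = 0x2C
EXTENSION_INTRODUCER = 0x21
TRAILER = 0x3B


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size


def _color_table_size(packed: int) -> int:
    """Byte length of a color table described by a packed flags byte (0 if absent)."""
    if packed & 0x80:
        return 3 * (2 ** ((packed & 0x07) + 1))
    return 0


def gif_end_offset(data: bytes) -> int:
    """Walk the GIF block structure and return the offset just past the trailer."""
    if data[:6] not in GIF_HEADERS:
        raise ValueError("not a GIF file")
    pos = 6
    if len(data) < pos + 7:
        raise ValueError("truncated logical screen descriptor")
    # Packed flags are the 5th byte of the logical screen descriptor.
    pos += 7 + _color_table_size(data[pos + 4])
    while True:
        if pos >= len(data):
            raise ValueError("missing trailer")
        block = data[pos]
        pos += 1
        if block == TRAILER:
            return pos
        if block == IMAGE_SEPARATOR:
            if len(data) < pos + 9:
                raise ValueError("truncated image descriptor")
            pos += 9 + _color_table_size(data[pos + 8])  # flags are the last byte
            pos += 1  # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        elif block == EXTENSION_INTRODUCER:
            pos += 1  # extension label
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError(f"unknown block type 0x{block:02x} at offset {pos - 1}")


def trailing_data(data: bytes) -> bytes:
    """Return whatever follows the GIF trailer (empty for a well-formed image)."""
    return data[gif_end_offset(data):]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def suspicious(data: bytes, min_len: int = 64, min_entropy: float = 6.0) -> bool:
    """Flag a GIF whose trailing bytes look like a sizeable encrypted blob."""
    tail = trailing_data(data)
    return len(tail) >= min_len and shannon_entropy(tail) >= min_entropy


# Constructed sample: a valid 1x1 pixel GIF89a with a 2-entry color table.
CLEAN_GIF = (
    b"GIF89a"
    b"\x01\x00\x01\x00\x80\x00\x00"          # logical screen descriptor
    b"\x00\x00\x00\xff\xff\xff"              # global color table
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor
    b"\x02" b"\x02\x44\x01" b"\x00"          # LZW min code size + image data
    b"\x3b"                                  # trailer
)

# Constructed stand-in for an encrypted payload: 256 deterministic,
# high-entropy bytes (not a real MiniDuke sample).
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("carrier", CLEAN_GIF + PAYLOAD)):
        tail = trailing_data(blob)
        print(f"{name}: {len(tail)} trailing bytes, "
              f"entropy {shannon_entropy(tail):.2f}, suspicious={suspicious(blob)}")
```

Walking the block structure rather than searching for the last `0x3B` byte matters: an encrypted payload will contain `0x3B` at random positions, so a naive search for the trailer would misreport where the image really ends. The entropy threshold is a tuning knob; legitimate files with trailing metadata tend to be short or low-entropy, while an encrypted backdoor of any useful size is neither.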

Systems need patching

Brad Arkin, a senior director at Adobe, said it is possible that malware authors are still exploiting the vulnerability because, although Adobe has released patches, many consumers have not yet applied them.
