Security experts have warned that organised criminals are taking advantage of a recently discovered zero-day vulnerability in Microsoft Word to infect vulnerable PCs.
Microsoft has confirmed that the exploit, which takes advantage of a Microsoft graphics component via a malicious Word document, has been used in attacks, although the ones that have been spotted are "very limited and carefully carried out against selected computers, largely in the Middle East and South Asia".
Security firm FireEye has analysed this zero-day exploit and found a connection between these attacks and those previously documented in Operation Hangover, which adds India and Pakistan into the mix of targets.
However, FireEye has found that another group also has access to this exploit and is using it to deliver the Citadel Trojan malware. "This group, which we call the Arx group, may have had access to the exploit before the Hangover group did. Information obtained from CnCs operated by the Arx group revealed that 619 targets (4024 unique IP addresses) have been compromised," the security company reported.
From the analysis, FireEye warned that it seems the use of this zero-day exploit (CVE-2013-3906) is "more widespread than previously believed". Two different groups are using this exploit: Hangover and Ark. Hangover has been previously connected with a targeted malware campaign, and the Ark group is operating a Citadel-based botnet for organised crime.
Microsoft usually fixes exploits such as this once a month on so-called "patch Tuesday", but this month's updates won't include a fix for this particular back door.
Andoid Games
No comments:
Post a Comment