
Malware writers are exploiting four RTF security vulnerabilities


April 20, 2016

We learned this morning that malware writers are now exploiting four RTF vulnerabilities in a campaign targeting journalists, human rights activists, and Tibetans across Hong Kong and Taiwan.

And it appears that this has been going on for some time. Arbor Networks' study found that the attackers are exploiting since-patched security vulnerabilities in Rich Text Format handling (CVE-2012-0158, CVE-2012-1856, CVE-2015-1641 and CVE-2015-1770) to deliver at least six families of Chinese malware.

Arbor Networks' research team asserts that the tools, tactics and procedures match those of the attack group known as "Five Poisons" and overlap with another campaign called Operation Shrouded Crossbow.

"The RTF files in question that were observed contained up to four unique exploits for various versions of Office," the team says in an intelligence report.

"Due to the rather easy delivery of RTF files as attachments and the observation of numerous spear phish samples which reveal precise targeting and timelines, it's very likely that spearphish was the primary vector of choice for most or all of the targeted exploitation scenarios."

The attacks in question follow the cycle typical of those hitting Tibetan activists: a phishing email purporting to contain information relating to U.S. sanctions, carrying a malicious attachment.
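As an added illustration, not taken from the article or from Arbor Networks' report, the check below is what a mail gateway could run on attachments like the ones described: it identifies RTF content by its header rather than its file name, and flags files that embed OLE objects (a common carrier for RTF exploits; the article does not detail the internals of these particular files). The sample attachments are constructed for this example and contain no exploit.

```python
import re

# Constructed sample attachments (not real malware): a benign RTF, an RTF
# with embedded OLE objects hiding behind a .doc name, and a real binary .doc.
SAMPLES = {
    "agenda.rtf": b"{\\rtf1\\ansi Meeting agenda for Thursday.\\par}",
    "sanctions_update.doc": (
        b"{\\rtf1\\ansi{\\object\\objemb\\objupdate{\\*\\objclass Package}"
        b"{\\*\\objdata 0105000002000000}}"
        b"{\\object\\objemb{\\*\\objclass Word.Document.8}{\\*\\objdata 00}}}"
    ),
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
}

RTF_MAGIC = b"{\\rtf"                      # every RTF document starts with this
OBJECT_GROUP = re.compile(rb"\\object\b")  # one match per embedded object group
OBJCLASS = re.compile(rb"\\objclass\s+([A-Za-z0-9._]+)")


def triage_attachment(name: str, data: bytes) -> dict:
    """Return triage facts for one attachment (name plus raw bytes)."""
    is_rtf = data.lstrip()[:5].lower() == RTF_MAGIC
    objects = len(OBJECT_GROUP.findall(data)) if is_rtf else 0
    classes = [m.decode() for m in OBJCLASS.findall(data)] if is_rtf else []
    return {
        "is_rtf": is_rtf,
        # RTF served under another Office extension is itself a warning sign.
        "extension_mismatch": is_rtf and not name.lower().endswith(".rtf"),
        "objects": objects,
        "classes": classes,
        "has_objdata": is_rtf and b"\\objdata" in data,
        # \objupdate asks Word to load the object as soon as the file opens.
        "has_objupdate": is_rtf and b"\\objupdate" in data,
        # Plain RTF text is fine; RTF carrying OLE payloads gets quarantined.
        "suspicious": is_rtf and (objects > 0 or b"\\objdata" in data),
    }


def flagged_names(attachments: dict) -> list:
    """Names of attachments that should be held for analyst review."""
    return [n for n, d in attachments.items() if triage_attachment(n, d)["suspicious"]]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, triage_attachment(name, data))
```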

Those files are produced with a builder the researchers labelled the 'Four Element Sword', and they also resemble known malware of various categories.

Although these vulnerabilities have been patched, they still work against activists in the region because poor patch maintenance leaves users exposed to older bugs.

The attacks come ahead of the Tibetan general election, which offers several opportunities for phishers and hackers prepared to craft malicious campaigns around current political news.

Source: Arbor Networks.
