CVE-2010-3333

Tip-toe through the old-days, hope you don't hit a zero-day

Documents laced with malware have been found in WikiLeaks.org's cache of files obtained from hacked CIA wannabe Stratfor. Intelligence biz Stratfor was ransacked by Jeremy Hammond in late 2011, and its email archives passed to whistleblowing website WikiLeaks in early 2012. The Julian Assange™-led organization soon began distributing the archives using the BitTorrent file-sharing network, and publishing extracts on its website. In March 2015, WikiLeaks made the emails available in a handy sear...

Tat’jana Šerbakova PDF Version The number of serious cyber-attacks detected over the last two years has increased so much that new attacks rarely cause much surprise. It’s now commonplace for antivirus companies to issue a report about the discovery of another botnet or highly sophisticated malware campaign that is gathering data. Companies are increasingly falling victim to cyber-attacks. According to a survey conducted by Kaspersky Lab and B2B International, 91% of the organizations polle...

Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea. Icefog refers to a cyber-espionage campaign that has been active at least since 2011. It targets governmental institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies and mass media, mainly in South Korea and Japan. It is likely that the crew targets organizations in ...

In early June, Kaspersky Lab announced a discovery that opened a whole new chapter in the field of cyber-espionage. Named NetTraveler, this is family of malicious programs used by APT actors to successfully compromise more than 350 high-profile victims in 40 countries. The NetTraveler group infected victims across both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists. The threat, which has b...

Spain, Kyrgyzstan, Mongolia, China, this malware has had quite a trip, we're told

A piece of government-bothering malware called NetTraveler has been active since 2004 - and targets agencies and organisations involved in space exploration, nanotechnology, nuclear power, lasers, medicine, communications and more. And that's according to researchers at security biz Kaspersky Lab. More than 350 high-profile outfits in 40 countries have been hit by strains of NetTraveler, we're told. Embassies, oil and gas corporations, research institutes, military contractors and activists have...

This article is based on technical data from Kaspersky Lab experts and their analysis of the Korablin and Morcut malicious programs. A number of conclusions have been drawn by Kaspersky Lab experts based on open source data references in the conclusion of this publication. Any questions regarding the contents of this article can be posted on Kaspersky Lab’s securelist.com website, or you can contact Kaspersky Lab’s PR Service directly via Kaspersky.com. According to Wikipedia, “Spyware is...

In the past, we’ve seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We’ve documented several interesting attacks (A Gift for Dalai Lamas Birthday and Cyber Attacks Against Uyghur Mac OS X Users Intensify) which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. P...

On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware “ItaDuke” because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri’s “Divine Comedy”. Previously, we posted about another campaign hitting Governments and other institutions, named Miniduke, which was also using the same “Divine Comedy” PDF e...

Last week, Adobe released a patch for a vulnerability in Flash Player that was being exploited in targeted attacks. Before reading any further, we recommend you to take a moment make sure you apply this patch. Adobe offers this nifty tool to check that you have the latest version of Flash Player. If you are running Google Chrome, make sure you have version -24.0.1312.57 m- or later. Now back to CVE-2013-0633, the critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab r...

Based on the analysis of known cases, we identified two main ways through which Backdoor.Win32.Sputnik infects the victims. Both methods rely on spear-phishing e-mails which are sent to the prospective victims. The e-mails contain an attachment which is either an Excel or Word document, with enticing names. In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also inf...

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks. In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (MD5: 35f1572eb7759cb7a66ca459c093e8a1 – ‘NewsFinder.jar’), known as the ‘Rhino’ exploit (CVE-2011-3544). We know the early February 2012 timeframe that ...

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies. A large scale cyber-espionage network was revealed and analyzed during the investigation, which we called “Red October” (after famous novel “The Hunt For The Red October”). This report is based on detailed technical analysis of a series of targeted attacks against diplomatic, govern...