Wednesday, 30 April 2014 12:03

Kaspersky finds a new zero-day Flash flaw

Written by Nick Farrell



Flash… ahhhhh it will eat every one of us

Kaspersky Labs have found a new zero-day Flash flaw after spotting two exploits in the wild. Kaspersky expert Vyacheslav Zakorzhevsky said that the vulnerability is located in the Pixel Bender component, designed for video and image processing. The company received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics. The exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two was their shellcodes. The second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked Flash video file. The ActionScript code inside was neither obfuscated nor encrypted.

Zakorzhevsky was sure the software was designed to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. Both the exploits detected by us spread from a site located at http://jpic.gov.sy.

The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online form for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government.

The site was hacked in September 2013, something the alleged hacker announced on his Twitter account. It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this, Zakorzhevsky said.
