Wednesday, 30 April 2014 12:03

Kaspersky finds a new zero-day Flash flaw

Written by Nick Farrell



Flash… ahhhhh it will eat every one of us

Kaspersky Labs have found a new zero-day Flash flaw after spotting two exploits in the wild. Kaspersky expert Vyacheslav Zakorzhevsky said that the vulnerability is located in the Pixel Bender component, which is designed for video and image processing. The company received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics. The exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two was in their shellcodes. The second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked Flash video file. The ActionScript code inside was neither obfuscated nor encrypted.

Zakorzhevsky was sure the software was designed to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. Both the exploits detected by us spread from a site located at http://jpic.gov.sy.

The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online form for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government.

The site was hacked in September 2013, something the alleged hacker announced on his Twitter account. It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this, Zakorzhevsky said.
