Featured Articles

Analyst reveals Apple Watch spec

Analyst reveals Apple Watch spec

An analyst has examined the Apple Watch supply chain in an effort to ascertain the exact spec of Cupertino’s new gadget…

More...
Nvidia's first 20nm product is a mobile SoC

Nvidia's first 20nm product is a mobile SoC

For much of the year we were under the impression that the second generation Maxwell will end up as a 20nm…

More...
Nvidia GTX 980 reviewed

Nvidia GTX 980 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Nvidia adjusts GTX 980 and GTX 970 pricing

Nvidia adjusts GTX 980 and GTX 970 pricing

It appears that Nvidia has been feeling the pulse of the market and took some note from comments regarding the original…

More...
PowerColor TurboDuo R9 285 reviewed

PowerColor TurboDuo R9 285 reviewed

Today we will take a look at the PowerColor TurboDuo Radeon R9 285. The card is based on AMD’s new…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Wednesday, 30 April 2014 12:03

Kaspersky find a new zero day Flash flaw

Written by Nick Farrell



Flash… ahhhhh it will eat everyone of us

Kaspersky Labs have found a new zero day flash flaw after spotting two exploits in the wild. Kaspersky expert Vyacheslav Zakorzhevsky said that the vulnerability is located in the Pixel Bender component, designed for video and image processing. The company received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics. The exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two were their shellcodes. The second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted.

Zakorzhevsky was sure the software was designed to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. Both the exploits detected by us spread from a site located at http://jpic.gov.sy.

The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online form for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government.

The site was hacked in September 2013, something the alleged hacker announced on his twitter account. It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this, Zakorzhevsky said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments