Featured Articles

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late…

More...
AMD misses earnings targets, announces layoffs

AMD misses earnings targets, announces layoffs

AMD has missed earnings targets and is planning a substantial job cuts. The company reported quarterly earnings yesterday and the street is…

More...
Did Google botch the Nexus 6 and Nexus 9?

Did Google botch the Nexus 6 and Nexus 9?

As expected, Google has finally released the eagerly awaited Nexus 6 phablet and its first 64-bit device, the Nexus 9 tablet.

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Wednesday, 30 April 2014 12:03

Kaspersky find a new zero day Flash flaw

Written by Nick Farrell



Flash… ahhhhh it will eat everyone of us

Kaspersky Labs have found a new zero day flash flaw after spotting two exploits in the wild. Kaspersky expert Vyacheslav Zakorzhevsky said that the vulnerability is located in the Pixel Bender component, designed for video and image processing. The company received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics. The exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two were their shellcodes. The second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted.

Zakorzhevsky was sure the software was designed to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. Both the exploits detected by us spread from a site located at http://jpic.gov.sy.

The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online form for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government.

The site was hacked in September 2013, something the alleged hacker announced on his twitter account. It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this, Zakorzhevsky said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments