Featured Articles

HP Stream is a Chromebook killer priced at $200

HP Stream is a Chromebook killer priced at $200

We have been hearing reports of a new breed of affordable Windows notebooks for months. It is alleged that a number…

More...
AMD Radeon R7 SSD line-up goes official

AMD Radeon R7 SSD line-up goes official

AMD has officially launched its first ever SSDs and all three are part of AMD’s AMD Radeon R7 SSD series.

More...
KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Wednesday, 30 April 2014 12:03

Kaspersky find a new zero day Flash flaw

Written by Nick Farrell



Flash… ahhhhh it will eat everyone of us

Kaspersky Labs have found a new zero day flash flaw after spotting two exploits in the wild. Kaspersky expert Vyacheslav Zakorzhevsky said that the vulnerability is located in the Pixel Bender component, designed for video and image processing. The company received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics. The exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two were their shellcodes. The second exploit (include.swf) wasn't detected using the same heuristic signature as the first, because it contained a unique shellcode. Each exploit comes as an unpacked flash video file. The Action Script code inside was neither obfuscated nor encrypted.

Zakorzhevsky was sure the software was designed to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. Both the exploits detected by us spread from a site located at http://jpic.gov.sy.

The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online form for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government.

The site was hacked in September 2013, something the alleged hacker announced on his twitter account. It's likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this, Zakorzhevsky said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments