Topic: Symantec warns: Trojan.Activehijack attacks Office (fputlsat.dll, Thumbs.db)

Samker

Symantec Corporation warns users about a new targeted attack against Office, potentially capable of exploiting an already patched vulnerability found in the most recent editions of the popular productivity suite published by Microsoft.

The trojan detected by the security enterprise (Trojan.Activehijack) comes as an archive attached to a malicious (likely spam) e-mail: http://www.symantec.com/security_response/writeup.jsp?docid=2012-020910-5231-99 , and is crafted to exploit one of the vulnerabilities described in the MS11-073 Security Bulletin published in September 2011: http://technet.microsoft.com/en-us/security/Bulletin/MS11-073
The affected software suites include MS Office 2003 (SP3), Office 2007 (SP2) and Office 2010.

The already patched flaw is exploited in a way that is unusual among targeted attacks: https://www.microsoft.com/download/en/details.aspx?id=27390 , Symantec explains: while previously identified attacks come as a single document file containing the exploit, this new one arrives as a pair of files – a Word document and a .dll library file: http://www.symantec.com/connect/blogs/targeted-attack-using-new-office-exploit-found-wild

Once a user opens the infected document with an unprotected version of Word, an ActiveX control embedded in the document runs and calls the external library, which has the same name as the legitimate Microsoft Office FrontPage Client Utility Library (“fputlsat.dll”).

If the exploit is successful, the infected document drops the malware onto the system and deletes the fputlsat.dll library. In its place, Trojan.Activehijack creates a “Thumbs.db” file – a perfect disguise with the same name as the (normally “hidden”) file used by Windows XP to store thumbnails for image files contained in a folder.

Symantec recommends installing all the available patches for productivity software and warns users against opening unwanted or unrequested attachments coming through the mailbox – especially those contained in zipped archives and escorted by a mysterious .dll file.

(NW)

Samker's Computer Forum - SCforum.info
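
A triage check for the delivery pattern described in the post above, added here as an example and not taken from the original post or from Symantec's write-up: it flags ZIP attachments in which a Word document sits next to a .dll. The extension list, the same-folder grouping and all sample file names except fputlsat.dll are assumptions.

```python
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath

WORD_EXTS = {".doc", ".docx", ".docm", ".rtf"}  # assumption: extensions treated as Word documents
NAMED_DLL = "fputlsat.dll"                       # library name given in the post

def doc_dll_pairs(archive_bytes):
    """Return one finding per folder in a ZIP that holds a Word document next to a .dll."""
    by_dir = defaultdict(lambda: {"docs": [], "dlls": []})
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows separators so entries group by folder consistently.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower()
            if ext in WORD_EXTS:
                by_dir[str(path.parent)]["docs"].append(path.name)
            elif ext == ".dll":
                by_dir[str(path.parent)]["dlls"].append(path.name)
    findings = []
    for folder, found in sorted(by_dir.items()):
        if found["docs"] and found["dlls"]:
            findings.append({
                "folder": folder,
                "documents": sorted(found["docs"]),
                "libraries": sorted(found["dlls"]),
                # Case-insensitive match on the one DLL name the post reports.
                "named_in_post": any(d.lower() == NAMED_DLL for d in found["dlls"]),
            })
    return findings

def _make_zip(names):
    """Build a constructed in-memory ZIP with placeholder file contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

# Constructed samples: every file name other than fputlsat.dll is made up.
SUSPICIOUS = _make_zip(["report/summary.doc", "report/FPUTLSAT.DLL", "readme.txt"])
BENIGN = _make_zip(["docs/summary.doc", "bin/helper.dll"])

if __name__ == "__main__":
    for label, data in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, doc_dll_pairs(data))
```

A hit is a reason to quarantine the attachment for review, not proof of infection; a document shipped with any unexplained .dll is worth the same scrutiny even when the name differs.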