Hi, * *
*Emails linking to malicious web-based exploit code that utilizes the vulnerability CVE-2010-0249 have been sent to organizations in a targeted manner since December 2009, and the attack is still on-going. This same vulnerability was used to target Google, Adobe, and approximately 30 other companies in mid-December 2009. This is a development of the attack we have blogged about previously here.* Investigation has so far lead to the conclusion that these targeted attacks appear to have started during the week of 20 December 2009, and are on-going to government, defence, energy sectors and other organizations in the United States and United Kingdom. Within the malicious emails the sender’s domain is spoofed to match the recipient’s domain making the targeted emails more convincing to the recipient. The malicious executables that are delivered by the exploit code include hxxp://cnn[removed]/US/20100119/update.exe or hxxp://usnews[removed]/svchost.exe. These exhibit traits of an information-stealing Trojan with Backdoor capabilities. As of today only 25% of AV vendors protect against the payload according to this VT report. Example email subjects include: "Helping You Serve Your Customers" "Obama Slips in Polls as Crises Dominate First Year as President" "2010 DoD Commercial SATCOM" "The Twelve Days of Christmas" -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
