MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

9.2.09

Exploiting vulnerabilities through SWF

Another format widely used to exploit weaknesses in computers is the Small Web Format file, .swf. In general, these files are injected with exploit code that targets one particular bug.

The same wave of malicious JavaScript attacks mentioned in the post on vulnerabilities through .js files was combined with other alternatives such as this one.

In this case it exploits a vulnerability in Adobe Flash Player described in CVE-2007-0071, whereby a maliciously manipulated .swf file causes a buffer overflow that allows a remote attacker to execute arbitrary code.

This means that if the user accesses, for example, the URL http://www.710sese.cn/a1/ (59.34.197.115), the file f16.swf (MD5: 95EC9202FBE74D508205442C49825C08) will run. According to the VirusTotal report, it is detected by 18 of the 39 antivirus engines that scanned the sample. The code inserted in the .swf file exploits the vulnerability if the application is installed and vulnerable.
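For defenders who collect .swf files from a proxy or browser cache, the following is an added example (not part of the original post) that triages a candidate file: it checks the MD5 against the hash published above and validates the SWF header, flagging a declared length that does not match the content. The function names `triage_swf` and `build_sample` are hypothetical, and the sample files are constructed and harmless.

```python
import hashlib
import struct
import zlib

# MD5 of f16.swf as published in the post above.
KNOWN_BAD_MD5 = {"95ec9202fbe74d508205442c49825c08"}

def triage_swf(data: bytes) -> dict:
    """Return header facts and a hash verdict for one candidate SWF file."""
    result = {"md5": hashlib.md5(data).hexdigest(), "is_swf": False, "notes": []}
    result["known_bad"] = result["md5"] in KNOWN_BAD_MD5
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        result["notes"].append("not an SWF header (expected FWS or CWS)")
        return result
    result["is_swf"] = True
    result["compressed"] = data[:3] == b"CWS"
    result["version"] = data[3]
    # Bytes 4..7: little-endian length of the whole file after decompression.
    declared = struct.unpack("<I", data[4:8])[0]
    result["declared_length"] = declared
    body = data[8:]
    if result["compressed"]:
        try:
            body = zlib.decompress(body)  # CWS: everything after byte 8 is zlib
        except zlib.error as exc:
            result["notes"].append(f"zlib stream does not decompress: {exc}")
            return result
    actual = 8 + len(body)
    result["actual_length"] = actual
    if actual != declared:
        result["notes"].append(f"declared length {declared} != actual {actual}")
    return result

def build_sample(compressed: bool, version: int = 9) -> bytes:
    """Constructed, harmless sample: a header plus placeholder bytes, no real movie."""
    body = b"\x00" * 9 + b"\x00\x00"  # placeholder RECT/rate/count bytes + End tag
    header = (b"CWS" if compressed else b"FWS") + bytes([version])
    header += struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    for name, blob in [("plain.swf", build_sample(False)),
                       ("packed.swf", build_sample(True)),
                       ("truncated.swf", build_sample(False)[:-4]),
                       ("page.html", b"<html></html>")]:
        print(name, triage_swf(blob))
```

A hash match only identifies the exact sample named in the post; a length mismatch or a file that fails header validation is a reason for closer inspection, not a verdict.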

Some of the URLs used to distribute the file are:



After successful exploitation, the computer downloads the binary a1.css from http://d.aidws.com /new, malicious code that we have already mentioned in another post.

Related information
Exploitation of vulnerabilities through JS

Jorge Mieres
