Malicious swf files? (SANS)
Following up on Adobe flash player vuln(SANS) - まっちゃだいふくの日記★とれんどふりーく★, it appears an exploit is now circulating.
hxxp://www.play0nlnie.com/pcd/topics/ff11us/20080311cPxl31/WIN%209,0,115,0ie.swf
Which gives us a couple of things. One is that this would seem to be an exploit against Adobe Flash Player. Second is that the apparent vulnerable version would be 9.0.115.0. Third is that there is likely additional malware to see continuing down the rabbit hole. Interestingly this SWF file may be exploiting CVE-2007-0071 and not the potentially new previously unknown vulnerability announced by Symantec today, assuming they are different.
At this time Adobe still has not released any significant information at their blog http://blogs.adobe.com/psirt/; some clarification would be nice.
Indeed, hxxp://www.play0nlnie.com/ax.exe is downloaded, then hxxp://www.play0nlnie.com/setip.exe
VirusTotal was 7/31 for ax.exe, and 7/31 for setip.exe earlier this evening.
Other examples of sites serving malicious swf files are now rolling in, which is the perfect timing for me to hand off the awesome power of the Handler On Duty (HOD) reins to Jim. Hit the Big Red Button (BGR)!! Must go InfoCon orange...
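The diary above draws its conclusions from two observations in the proxy traffic: the SWF file name carries the client's Flash Player version string (9,0,115,0), and the same host then serves executables (ax.exe, setip.exe) to the victim. The following is an added example, not code from the SANS diary or from this blog, showing how a defender could run that same reasoning over web-proxy logs. The log format, the client addresses, the timestamps and the benign lines are constructed for the example; only the play0nlnie.com paths come from the diary.

```python
"""Flag version-keyed SWF downloads and follow-on executables in proxy logs."""
import re
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Constructed sample proxy log (hypothetical format: time client method url status).
# The www.play0nlnie.com paths are the ones quoted in the diary (shown there as hxxp);
# every other line, address and timestamp is made up for this example.
SAMPLE_LOG = """\
2008-05-28T21:01:10 10.0.0.5 GET http://www.example.com/index.html 200
2008-05-28T21:01:12 10.0.0.5 GET http://www.play0nlnie.com/pcd/topics/ff11us/20080311cPxl31/WIN%209,0,115,0ie.swf 200
2008-05-28T21:01:14 10.0.0.5 GET http://www.play0nlnie.com/ax.exe 200
2008-05-28T21:01:15 10.0.0.5 GET http://www.play0nlnie.com/setip.exe 200
2008-05-28T21:05:00 10.0.0.9 GET http://cdn.example.com/player/video.swf 200
2008-05-28T21:05:02 10.0.0.9 GET http://cdn.example.com/downloads/tool.exe 200
"""

# A Flash Player version string (e.g. 9,0,115,0) embedded in the SWF file name is the
# tell-tale from the diary: the server hands out a payload chosen for the version the
# client's browser reported, which legitimate content delivery has no reason to do.
VERSION_IN_SWF_NAME = re.compile(r"(\d+),(\d+),(\d+),(\d+)[^/]*\.swf$", re.IGNORECASE)


def parse_line(line):
    """Split one log line into a record; the URL path is percent-decoded (%20 -> space)."""
    ts, client, _method, url, status = line.split()
    parts = urlsplit(url)
    return {
        "time": datetime.fromisoformat(ts),
        "client": client,
        "host": parts.hostname,
        "path": unquote(parts.path),
        "status": int(status),
    }


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_version_keyed_swf(records):
    """Return SWF requests whose file name embeds a Flash Player version string."""
    hits = []
    for r in records:
        m = VERSION_IN_SWF_NAME.search(r["path"])
        if m:
            hits.append({
                "client": r["client"],
                "host": r["host"],
                "path": r["path"],
                "version": ".".join(m.groups()),
                "time": r["time"],
            })
    return hits


def find_followup_executables(records, hits, window_seconds=300):
    """For each flagged SWF, list .exe files the same client pulled from the same host
    within the window afterwards (the ax.exe / setip.exe pattern from the diary)."""
    followups = []
    for h in hits:
        for r in records:
            delta = (r["time"] - h["time"]).total_seconds()
            if (r["client"] == h["client"] and r["host"] == h["host"]
                    and 0 < delta <= window_seconds
                    and r["path"].lower().endswith(".exe")):
                followups.append((h["client"], h["host"], r["path"]))
    return followups


def analyse(text):
    records = parse_log(text)
    hits = find_version_keyed_swf(records)
    return {"swf_lures": hits, "followups": find_followup_executables(records, hits)}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for h in result["swf_lures"]:
        print(f"version-keyed SWF: {h['client']} -> {h['host']}{h['path']} (targets {h['version']})")
    for client, host, path in result["followups"]:
        print(f"follow-on executable: {client} -> {host}{path}")
```

The benign video.swf followed by tool.exe on the second client is deliberately not flagged: the rule keys on the version string in the file name first, and only then looks for executables from the same host, so an ordinary Flash player next to an ordinary download does not trip it. In a real deployment the hit list would feed the blocklist or the sandbox queue, and the version field tells you which client population was being targeted.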
Trend Micro explains it well with diagrams.
With these, it may be easy to follow even for non-specialists.
Related URLs
- Security Advisory SA30404 - REVOKED: Adobe Flash Player Unspecified Vulnerability - Secunia
- GFI LABS Blog: Zero day flash
- JVNVU#395473: Arbitrary code execution vulnerability in Adobe Flash Player
- Another example of malicious SWF(SANS)
- News from the Lab Archive : January 2004 to September 2015
- McAfee Threat Center – Latest Cyberthreats | McAfee
- InfoSec Handlers Diary Blog - So, how do you monitor your website?
- http://www.securityfocus.com/brief/744
- The SWF_DLOADER family threat exploiting the Adobe Flash Player vulnerability | トレンドマイクロ セキュリティブログ
- Attacks exploiting a Flash security vulnerability confirmed; US security research organization issues warning - ZDNet Japan
- Attacks exploiting a Flash security vulnerability confirmed; US security research organization issues warning - CNET Japan
(Related: Flash vulnerability already fixed in the latest version, Adobe publishes its investigation results - まっちゃだいふくの日記★とれんどふりーく★, Malicious swf files? (SANS) - まっちゃだいふくの日記★とれんどふりーく★, Adobe flash player vuln(SANS) - まっちゃだいふくの日記★とれんどふりーく★)