Security News (Advanced) 2012 Week 10

=> Mar 2 CVE-2012-0754 SWF in DOC Iran’s Oil and Nuclear Situation.doc. 05/03/2012. «This is a message from a targeted attack and quite possibly you already received a few on your own – there seem to be a new campaign underway using this new CVE-2012-0754 exploit. The vulnerability exists in Flash and is exploited when it tries to parse a crafted MP4 file. Successful exploitation allows an attacker to execute an arbitrary code (…).»
Source:
Related posts:
05/03/2012. Attackers Target CVE-2012-0754 Adobe Flash Bug :

=> The Mystery of the Duqu Framework. 07/03/2012. «While analyzing the components of Duqu, we discovered an interesting anomaly in the main component that is responsible for its business logics, the Payload DLL. We would like to share our findings and ask for help identifying the code (…).»
Source:
Related posts:
08/03/2012. Mystery of Duqu Deepens As Researchers Ponder Unknown Programming Language :

=> Reversing the crypto used by the PonyDOS attack bot. 08/03/2012. «This blog post is the third installment in our ongoing series of articles exploring the crypto systems commonly found in various DDoS malware families. In previous articles we covered the reversing of the Armageddon and Khan DDoS bots; today we will cover a new malware family that we are calling Trojan.PonyDOS (…).»
Source:
Related posts:
06/03/2012. It’s 2012 and Armageddon has arrived [pdf] :
06/03/2012. It’s 2012 and Armageddon has arrived :
07/03/2012. Wrath of Khan [pdf] :
07/03/2012. Analysis of the crypto used by the Trojan.Khan DDoS bot :
08/03/2012. Not just a one-trick PonyDOS [pdf] :
