Security News, Advanced Level, 2012 W10

=> Mar 2 CVE-2012-0754 SWF in DOC Iran’s Oil and Nuclear Situation.doc. 05/03/2012. «This is a message from a targeted attack and quite possibly you already received a few on your own – there seem to be a new campaign underway using this new CVE-2012-0754 exploit. The vulnerability exists in Flash and is exploited when it tries to parse a crafted MP4 file. Successful exploitation allows an attacker to execute an arbitrary code (…).»
Source:
Related posts:
05/03/2012. Attackers Target CVE-2012-0754 Adobe Flash Bug :

=> The Mystery of the Duqu Framework. 07/03/2012. «While analyzing the components of Duqu, we discovered an interesting anomaly in the main component that is responsible for its business logics, the Payload DLL. We would like to share our findings and ask for help identifying the code (…).»
Source:
Related posts:
08/03/2012. Mystery of Duqu Deepens As Researchers Ponder Unknown Programming Language :

=> Reversing the crypto used by the PonyDOS attack bot. 08/03/2012. «This blog post is the third installment in our ongoing series of articles exploring the crypto systems commonly found in various DDoS malware families. In previous articles we covered the reversing of the Armageddon and Khan DDoS bots; today we will cover a new malware family that we are calling Trojan.PonyDOS (…).»
Source:
Related posts:
06/03/2012. It’s 2012 and Armageddon has arrived [pdf] :
06/03/2012. It’s 2012 and Armageddon has arrived :
07/03/2012. Wrath of Khan [pdf] :
07/03/2012. Analysis of the crypto used by the Trojan.Khan DDoS bot :
08/03/2012. Not just a one-trick PonyDOS [pdf] :

Published by


A digital lame duck; just interested, just passionate.