Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Criminals are exploiting interest in the ASEAN Defense Ministers Meetings (ADMM-Plus) to deliver malware to unsuspecting users.
The malware was delivered with a document labelled “ADMM-Plus Defence Officials Directory” that created a backdoor on unpatched machines.
The document itself was benign but contained potentially sensitive phone numbers and email addresses of defence officials from Australia, New Zealand and other members of the Association of South East Asian Nations.
Symantec researcher Takashi Katsuki discovered the document but did not reveal the names contained within it. SC has requested to view the file.
Attackers delivered the document and the payload through a file (.rtf) that exploited a Windows ActiveX remote code execution vulnerability (CVE-2012-0158). Once the file was opened, it dropped the document and the backdoor on machines.
The backdoor loaded after Windows users logged in and contacted a server based in China.
The vulnerability was already patched by Microsoft but had been exploited in a string of malware campaigns since its discovery in April this year.
It has been bound into document files for phishing attacks against Tibetan activists, Japanese steel companies and other industry sectors.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
