New Backdoor Malware for Adobe and Microsoft Office

Threat actors have found a new version of the older Asurex backdoor malware that exploits two vulnerabilities in Adobe and Microsoft (MS) software. The first vulnerability, tracked as CVE-2012-0158, is a critical buffer overflow flaw in MS Office versions 2003, 2007 and 2010. The second vulnerability, tracked as CVE-2010-2883, is a stack-based overflow in older Adobe products. The malware spreads through removable drives and network devices and, once installed, checks for several types of files to determine whether it is running in a sandbox or testing environment. It is disguised as PDF files and Word documents, which drop the malware and carry out its activities. If the malware executes successfully, it gives the attacker unfettered access to the victim’s system to steal the user’s files, so it should be treated as a major threat to organizations.

Analyst Notes

Because Asurex targets older versions of Adobe and MS software products, users are advised to update to the latest versions of the software and apply any patches that Adobe and MS publish.