Zyklon Spreads Using Just-Patched Microsoft Vulns | #CyberSecurity #Backdoor #Awareness | ICT Security-Sécurité PC et Internet | Scoop.it
Zyklon, a fully featured backdoor, is making the rounds using recently patched vulnerabilities in Microsoft Office.

The dismally named code has been around since early 2016; it is HTTP-based malware with a wide range of capabilities, including keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removing. FireEye researchers, who uncovered this latest wave of attacks, said that it can also download several plugins from browsers and email software, some of which include features such as cryptocurrency mining and password recovery. Additionally, Zyklon has a mechanism to monitor the spread and impact of its activities and uses the Tor anonymity network to communicate with its command-and-control (C2) server.

In an analysis, FireEye found that Zyklon is being delivered primarily through spam emails with an attached malicious Word document, targeting telecommunications, insurance and financial services. It’s using two Microsoft vulnerabilities: CVE-2017-8759, which was discovered by FireEye in September 2017, and CVE-2017-11882, a remote code execution bug.

CVE-2017-8759 is a .NET framework issue patched by Microsoft in October. An exploit allows attackers to install programs, manipulate data and create new privileged accounts. The second vulnerability was patched in November – though it was found to have existed for 17 years.

The threat actors are banking on administrators taking their time patching – a common tactic. Users should, of course, update their systems as soon as possible, given Zyklon’s virulent abilities.
