CVE-2012-1535 Exploit Leads to Backdoor

We were alerted to reports of an exploit targeting the CVE-2012-1535, a vulnerability in Adobe Flash Player to drop a backdoor into the vulnerable system.

The said exploit masquerades as a .DOC file (detected as TROJ_MDROP.EVL) that possibly arrives as an attachment to email messages. Users who are tricked into opening the said file actually execute the said exploit. Once exploit is successful, it then drops the files %User Profile%\Application Data\taskman.dll and %User Profile%\Local Settings\~WORDL.tmp, which are detected by Trend Micro as BKDR_BRIBA.EVL. Said backdoor attempts to make a connection to http://publicnews.{BLOCKED}o.com/logo.gif, possibly to download another file. However, said URL is inaccessible as of this writing.

Affected Adobe Flash Player versions include 11.3.300.270 and earlier versions for all platforms. Android OS users need not worry as they are not affected by this vulnerability.

Trend Micro Smart Protection Network™ detects and deletes all malware related to this attack. It also prevents connections made to related URLs accessed by both malware. Deep Security users are protected via the following rules:

1004114 – Identified Malicious Adobe SWF File
1004647 – Restrict Microsoft Office File With Embedded SWF

Whenever possible, immediately apply the latest security update released by Adobe. Users should also refrain from opening email messages and downloading attachments coming from unknown resources.

Post from: TrendLabs | Malware Blog – by Trend Micro

CVE-2012-1535 Exploit Leads to Backdoor