Military Hardware and Men’s Health

Over the last few months we have seen a series of very similar targeted attacks being blocked in our Linux Mail Security Product. In each case the documents used were RTF and the exploit was CVE-2012-0158 (MSCOMCTL.OCX RCE Vulnerability).

The attacks seem to be from the same group, and most appear to be sent from Australia or the Republic of Korea. The sender IP addresses vary, but many are sent via mail.mailftast.com. This domain is registered in China:

    REGISTRANT CONTACT INFO
    liu runxin
    No.1,Nanjing Road
    Shanghai Shanghai 200001
    CN
    Phone:         +86.2164415698
    Email Address: lishd2011@163.com

The documents are in three categories:

  1. The first group of documents are related to articles on the Men’s Health website. These are some example filenames:

    EAT FOR BETTER SEX.doc
    How to last longer in bed.doc
    6 Awkward Sex Moments, Defused.doc
    9 ways to have better,hotter,and more memorable sex.doc
    10 Ways to Get More Sex.doc
  2. The second group are military related:

    Stealth Frigate.doc
    The BrahMos Missile.doc
    How DRDO failed India's military.doc
  3. The third set have Cyrillic filenames:

    приоритеты сотрудничества.doc
    Список участников рабочей группы(0603-2013).doc
    Список кадров.doc
    Приглашение МИОМ ТЕЙКОВО 2013.doc
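
A mail-gateway triage check for the pattern described above (RTF content delivered under a .doc name), added here as an example; it is not code from the original post or from the vendor's product. The function name, reason strings and sample bytes are constructed for illustration, and the check looks only at file structure (type mismatch and embedded OLE objects), not at the CVE-2012-0158 exploit itself.

```python
import re

RTF_MAGIC = b"{\\rtf"
OLE_MAGIC_HEX = b"d0cf11e0a1b11ae1"  # OLE compound-file header, as hex text
# RTF control words that introduce an embedded OLE object or ActiveX control.
OBJ_WORDS = re.compile(rb"\\(objemb|objocx|objdata)(?![a-z])")
# \objdata carries the object as hex digits, often split by whitespace.
OBJDATA = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def triage_attachment(filename, data):
    """Return reasons (possibly none) to hold an attachment for analysis."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not data.lstrip().startswith(RTF_MAGIC):
        return reasons  # not RTF: out of scope for this check
    if ext != "rtf":
        reasons.append("rtf-content-with-%s-extension" % (ext or "no"))
    words = sorted({m.group(1).decode() for m in OBJ_WORDS.finditer(data)})
    if words:
        reasons.append("embedded-object:" + ",".join(words))
    for m in OBJDATA.finditer(data):
        # Join the hex text before searching so line breaks cannot hide it.
        hex_text = re.sub(rb"\s+", b"", m.group(1)).lower()
        if OLE_MAGIC_HEX in hex_text:
            reasons.append("objdata-contains-ole-storage")
            break
    return reasons


# Constructed, inert samples: structure only, no exploit content.
SUSPECT = (b"{\\rtf1\\ansi{\\object\\objocx{\\*\\objdata 01050000\n"
           b"0200 d0cf11e0\na1b11ae1 00}}}")
PLAIN = b"{\\rtf1\\ansi Hello}"

if __name__ == "__main__":
    print(triage_attachment("Stealth Frigate.doc", SUSPECT))
    print(triage_attachment("notes.rtf", PLAIN))
```

A hit is a reason to quarantine and inspect, not a verdict: legitimate RTF files can carry embedded objects, and some are saved with a .doc name.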

Story added 29 March 2013.