Purported Iran nuke document contains trojan

By Dan Kaplan on Mar 6, 2012 2:24 PM

Spreads via Flash vulnerability.

Targeted attackers are leveraging a patched Adobe Flash vulnerability and the ongoing tension around Iran's suspected nuclear program to spread a difficult-to-detect trojan.

Emails were spreading that contained a Word document titled "Iran's Oil and Nuclear Situation", according to Contagio Malware Dump, a malware sample collection site.

Clicking on the file sets in motion a series of events that ultimately results in a malicious binary being dropped onto the target system.

"The Word document contains Flash, which downloads a corrupted MP4 file," wrote Contagio IT specialist Mila Parkour in a blog posted Monday. "This MP4 file causes memory corruption and code execution."

The attack takes advantage of a recently fixed Flash bug (CVE-2012-0754). The vulnerability was repaired, along with six others, last month when Adobe released Flash Player for Windows, Macintosh, Linux and Solaris.
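A triage check for the delivery technique described above (Flash embedded in a Word document), as an added example that is not from the article or from Contagio: it scans a file's raw bytes for SWF headers and validates each candidate. It assumes the embedded SWF is stored contiguously inside the container; the function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound-file signature

def _valid_swf(data, pos):
    """Check one candidate header: 3-byte magic, 1-byte version, 4-byte LE length."""
    if pos + 8 > len(data):
        return None
    magic, version = data[pos:pos + 3], data[pos + 3]
    (declared,) = struct.unpack_from("<I", data, pos + 4)
    if not 1 <= version <= 50 or declared <= 8:
        return None
    if magic == b"FWS":
        # Uncompressed SWF: the declared length must fit in the bytes that follow.
        ok = declared <= len(data) - pos
    else:
        # CWS: the body is a zlib stream that must inflate to declared - 8 bytes.
        try:
            d = zlib.decompressobj()
            body = d.decompress(data[pos + 8:], declared)  # cap the output size
            ok = d.eof and len(body) == declared - 8
        except zlib.error:
            ok = False
    return (pos, magic.decode(), version, declared) if ok else None

def find_embedded_swf(data):
    """Return sorted (offset, magic, version, declared_length) for each valid SWF header."""
    hits = []
    for magic in (b"FWS", b"CWS"):
        pos = data.find(magic)
        while pos != -1:
            hit = _valid_swf(data, pos)
            if hit:
                hits.append(hit)
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed input: OLE header, a decoy 'CWS' string, then a tiny valid CWS blob."""
    body = bytes(40)
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return OLE_MAGIC + b"\x00" * 504 + b"CWSxnotflash" + swf + b"\x00" * 64

if __name__ == "__main__":
    sample = build_sample()
    print("OLE container:", sample.startswith(OLE_MAGIC))
    for off, magic, ver, length in find_embedded_swf(sample):
        print(f"offset={off} {magic} v{ver} declared_length={length}")
```

A hit inside an e-mailed Office document is a reason to quarantine the attachment for closer analysis; it does not by itself identify this exploit.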

Just seven of 42 of the most popular anti-virus products on Saturday had detected the malicious file, according to a VirusTotal review commissioned by Contagio.

Reached by email, Parkour said "someone donated the sample and sounds like a lot of them are already in circulation." An Adobe spokeswoman said the company didn't have any information about the extent of the threat.

Adobe also released another Flash update to address two critical vulnerabilities. The flaws garnered "Priority 2" status under Adobe's newly launched ratings system. Priority 2 means there are no known exploits for any of the bugs being fixed, nor are attacks imminent.


Copyright © SC Magazine, US edition

