For example, Windows Defender Antivirus detects the malicious files and documents used in this attack. Office 365 ATP leverages massive threat intelligence from different data sources and integrates signals from multiple services such as Windows Defender ATP and Azure ATP. Office 365 ATP inspects email attachments and links for malicious content and provides real-time protection against attacks. Office 365 Advanced Threat Protection (ATP) protects customers from this attack by detecting the malicious InPage attachment in spear-phishing emails used in the campaign.
#FINAL MEDIA PLAYER MALWARE CODE#
The malicious document, which contained exploit code for CVE-2017-12824, a buffer-overflow vulnerability in InPage, dropped a legitimate but outdated version of VLC media player that is vulnerable to DLL hijacking.Spear-phishing email with a malicious InPage document with the file name hafeez saeed speech on 22nd April.inp was sent to the intended victims.The attack was orchestrated using the following approach: The Office 365 Research and Response team discovered this type of targeted attack in June. Beyond that, public research of these types of attacks has been limited. In the past, researchers at Palo Alto and Kaspersky have blogged about attacks that use malicious InPage documents. The targets included government institutions.įigure 1. More than 75% of the targets were located in Pakistan however, the attack also found its way into some countries in Europe and the US.
#FINAL MEDIA PLAYER MALWARE SOFTWARE#
The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. Our analysis of a targeted attack that used a language-specific word processor shows why it’s important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. SSO solution: Secure app access with single sign-on.Identity & access management Identity & access management.App & email security App & email security.
0 kommentar(er)
