RTF exploit is delivered through spear phishing scheme

McAfee researchers have discovered a new RTF exploit aimed at Indian people and businesses.

The exploit takes advantage of the Microsoft Word ActiveX control vulnerability CVE-2012-0158 and uses timely news to serve up malicious content, according to McAfee's post on the attack. The attack is delivered as an attachment to a spear phishing email. The exploit drops dw20.exe in the %temp% directory and then goes on to drop gupdate.exe in the same directory. This last file then connects to control servers.

This attack drops malware identified as Win32/Syndicasec, which could allow attackers to run arbitrary commands with elevated privileges.

Although Windows has already patched its Word ActiveX vulnerability, the McAfee researchers write that, “the vulnerability has been used in several targeted campaigns in the past and continues to be popular in ongoing targeted attacks.”
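For defenders, the drop sequence described above (dw20.exe followed by gupdate.exe, both in %temp%) can be turned into a simple ordered-sequence check over endpoint file and process events. The following is an added example, not code from McAfee or from the article; the event fields, the `make_event` helper, the severity labels and the sample events are all assumptions made for illustration.

```python
import ntpath

# File names the article reports being dropped into %temp%, in this order.
DROP_CHAIN = ("dw20.exe", "gupdate.exe")

def in_temp(path):
    """True when the file's parent directory is named Temp (how %temp% usually resolves)."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "temp"

def detect_drop_chain(events):
    """Return one alert per host where the chain's files appear in Temp in order.
    Events are dicts with assumed (hypothetical) keys: host, time, path, actor."""
    seen = {}    # host -> matching events so far, in chain order
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        name = ntpath.basename(ev["path"]).lower()
        hits = seen.setdefault(ev["host"], [])
        if len(hits) == len(DROP_CHAIN) or not in_temp(ev["path"]):
            continue
        if name != DROP_CHAIN[len(hits)]:
            continue
        hits.append(ev)
        if len(hits) == len(DROP_CHAIN):
            # Assumption: Word itself creating or launching a stage is the stronger signal.
            from_word = any(ntpath.basename(h["actor"]).lower() == "winword.exe" for h in hits)
            alerts.append({"host": ev["host"],
                           "severity": "high" if from_word else "medium",
                           "paths": [h["path"] for h in hits]})
    return alerts

def make_event(host, time, actor, path):
    return {"host": host, "time": time, "actor": actor, "path": path}

# Constructed sample events, not taken from the article or from a real incident.
WORD = r"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"
TEMP = r"C:\Users\user1\AppData\Local\Temp"
SAMPLE_EVENTS = [
    make_event("ws-01", 1, WORD, TEMP + r"\dw20.exe"),
    make_event("ws-01", 2, TEMP + r"\dw20.exe", TEMP + r"\gupdate.exe"),
    # Same file name outside a Temp directory: ignored.
    make_event("ws-02", 3, r"C:\Windows\explorer.exe", r"C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE"),
    # Second-stage name alone, without the first stage before it: no alert.
    make_event("ws-03", 4, r"C:\Windows\explorer.exe", TEMP + r"\gupdate.exe"),
]

if __name__ == "__main__":
    print(detect_drop_chain(SAMPLE_EVENTS))
```

File names alone are weak indicators, so a match is best treated as a lead to correlate with the Word process tree and outbound connections from the second file.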
