Zero-day leak in Windows actively attacked through malicious advertisements

Posted 24 March 2017 23:05 CEST by Jan Willem Aldershoff

Antivirus company Trend Micro reports that a zero-day leak in Windows, which was patched this month,  has been actively attacked with malcious advertisements in July last year. The vulnerability, that was reported to Microsoft in September last year, allowed an attacker to access information about files on the victim’s computer.

 

This way attackers were able to determine which security software was installed or whether the computer had software installed to analyze malware. It also allowed attackers to check whether the attacked systems ran sandbox software or had packet capture software installed. If this kind of software was detected the attackers didn’t execute their malcious code and it remained hidden for security researchers.

The zero-day vulnerability was privately reported to Microsoft by Trend Micro and existed in Windows versions from Vista SP2 and onwards. Visiting a specifically prepared website or advertisement could lead to infection.

Initially the zero-day vulnerability was used by a malvertising campaign called AdGholas that used infected advertisements to infect internet users with malware. Later it was also added to the Neutrino exploit kit.

The vulnerability itself was not sufficient to infect computers with malware as it only checked for the presence of security software.For the actual infection a second vulnerability was required, in case of the Neutrino exploit kit these were known vulnerabilities in Adobe Flash Player.



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×