Adobe Flash zero-day shows a Chinese connection
Permit me to begin with a truism: In the world of computer forensics, you never really know anything for sure. With that as a given, the case of the new Flash zero-day exploit keeps getting curiouser and curiouser, and “China” keeps popping up.
Yesterday Adobe confirmed the critical Flash zero-day bug. This previously unknown security hole was discovered as an embedded Flash .swf file object inside a Word document sent via email. In her Contagio Malware Dump blog, researcher Mila Parkour gives extensive details about the .swf file and the infected .doc file that is making the rounds.
This is no fractured-English, “all your base are belong to us” attack. It’s a very sophisticated, targeted message with a compelling — and potentially disastrous — attachment.
The email message with an infected attachment that Mila describes appears to come from a Hotmail account. It was sent on April 8. The subject of the message is “Disentangling Industrial Policy and Competition Policy in China.” The body of the message says, in part:
…the current issue of the ABA Antitrust Section’s Antitrust Source may be of interest. It contains interviews of the heads of the sections devoted to AML enforcement within MOFCOM, NDRC and SAIC. In addition, it conatins a worthwhile article on “Disentangling Industrial Policy and Competition Policy in China”…
There’s an attachment to the message, a Word 2003-2007 .doc file called, you guessed it, “Disentangling Industrial Policy and Competition Policy in China.doc.”
It’s first-class bait. The American Bar Association (ABA) has an Antitrust Source newsletter. The current issue of that newsletter contains four articles from a symposium on Chinese competition law, one of which is called “Disentangling Industrial Policy and Competition Policy in China.” If you have an interest in Chinese law and happen to comprehend ABA jargon, you may even be able to translate the body of the message: AML is China’s new Anti-Monopoly Law; MOFCOM is China’s Ministry of Commerce; NDRC is China’s National Development and Reform Commission; and SAIC is the State Administration for Industry and Commerce.
It’s fair to state that the message was designed to catch the eye of English-speaking attorneys with an interest in Chinese competition law. It’s spear phishing with a very sharp spear. As Parkour says, “The recipients of this message included people whose names you can find in Wikipedia and assistants of former high-ranked politicians who are now working at global consulting companies.”
Source: www.infoworld.com
Details:
Submitted on Tuesday, April 12th, 2011 at 6:00 pm in News by john
