New Asruex backdoor variant leverages old vulnerabilities to target Adobe software and Microsoft Office


The variant - detected as Virus.Win32.ASRUEX.A.orig - is disguised as PDF files and Word documents that drop and execute the malware.
Users who have been using older versions of Adobe Reader (prior to 9.4) and Acrobat (prior to 8.2.5) on Windows and Mac OS X are affected by the variant.

Threat actors have discovered a new version of the Asruex backdoor malware, which is associated with the DarkHotel threat actor group. The malware variant is distributed by exploiting vulnerabilities in Adobe and Microsoft Office software that are more than six years old.


What are the vulnerabilities?


According to Trend Micro researchers, the variant - detected as Virus.Win32.ASRUEX.A.orig - is disguised as PDF files and Word documents that drop and execute the malware. The analysis shows that the new Asruex backdoor variant has been designed to exploit two old vulnerabilities that were discovered more than six years ago. The vulnerabilities are:


CVE-2012-0158 - a critical buffer-overflow vulnerability in an ActiveX component in MS Office versions 2003, 2007 and 2010. This can lead to remote code execution in Word documents.
CVE-2010-2883 - a stack-based overflow in Adobe products. This can enable attackers to inject code into PDFs.

Who are the targets?


The malware variant can affect targets who have been using older versions of Adobe Reader (prior to 9.4) and Acrobat (prior to 8.2.5) on Windows and Mac OS X.


How does it operate?


According to the researchers, Asruex spreads through removable drives and network drives. Once installed and executed, the malware variant checks for the following information to determine if ..
