A booby-trapped Word document containing a malicious embedded Flash file and alluringly entitled “iPhone 5 Battery” has been found in the wild and is exploiting a known security flaw in Flash, one for which Adobe issued a security update on 14 August.
The document contains what looks like a genuine article about leaked iPhone 5 battery images (that article was originally published by TechCrunch on 10 August). The vulnerability, commonly known as CVE-2012-1535, is exploited on opening the Word document.
This opens a backdoor known as c0d0so0 or Backdoor Briba, which is used to contact a remote server to download an executable file encapsulated in a ZIP and disguised as a GIF.
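As an added illustration (not code from AlienVault or from the original article), this Python check inspects bytes that arrived as a "GIF" and reports whether they are really a ZIP container holding a Windows executable. The article does not say how the disguise was done, so the check covers both a plain rename and a ZIP appended behind a real GIF header; the function names, sample bytes and member names are constructed for the example.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")

def inspect_claimed_gif(data: bytes) -> dict:
    """Classify bytes that were served or saved as a GIF image."""
    report = {"gif_header": data[:6] in GIF_MAGICS, "zip_container": False,
              "pe_members": [], "encrypted_members": []}
    try:
        # ZipFile finds the end-of-central-directory record from the end of
        # the data and tolerates leading bytes, so a ZIP appended behind a
        # genuine GIF header is parsed as well as a simply renamed one.
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        zf = None
    if zf is not None:
        report["zip_container"] = True
        with zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:        # encrypted: cannot peek inside
                    report["encrypted_members"].append(info.filename)
                    continue
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE executable magic
                        report["pe_members"].append(info.filename)
    report["suspicious"] = report["zip_container"] or not report["gif_header"]
    return report

def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample inputs."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return out.getvalue()

# Constructed samples (not taken from the real campaign).
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + bytes(24) + b";"
RENAMED_ZIP = build_zip({"payload.exe": b"MZ\x90\x00" + bytes(32),
                         "notes.txt": b"constructed"})
POLYGLOT = CLEAN_GIF + RENAMED_ZIP

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_GIF), ("renamed", RENAMED_ZIP),
                        ("polyglot", POLYGLOT)]:
        print(label, inspect_claimed_gif(blob))
```

Run against files carved from a web proxy or taken from disk, a `suspicious` result with a non-empty `pe_members` list is the pattern the article describes.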
Security company AlienVault pointed out that Dynamic DNS providers like DynDNS.org are a common denominator and urged companies to investigate whether computers on their network were contacting suspicious subdomains at DDNS providers.
Source: AlienVault Labs