Adobe Flash flaw exploited with malicious “iPhone 5 Battery” Word document

A booby-trapped Word document containing a malicious embedded Flash file and alluringly entitled “iPhone 5 Battery” has been found in the wild and is exploiting a known security flaw in Flash, one for which Adobe issued a security update on 14 August.

The document contains what looks like a genuine article about leaked iPhone 5 battery Images (that article was originally published by Techcrunch on 10 August), the vulnerability, commonly known as CVE-2012-1535, is exploited on opening the Word document.

This opens a backdoor known as c0d0so0 or Backdoor Briba is used to contact a remote server to download an executable file encapsulated in a ZIP and disguised as a GIF.

Security company Alienvault pointed out that Dynamic DNS providers like DynDNS.org are a common denominator and urged companies to investigate whether computers on their network were contacting suspicious subdomains using DDNS companies.

Expect a rise in virus-related malware infection as well as scams as the build up to the launch of the iPhone 5 and, possibly of the iPad mini, continues for a few more weeks.

Source: AlienVault Labs