
Adobe Flash flaw exploited with malicious “iPhone 5 Battery” Word document

A booby-trapped Word document containing a malicious embedded Flash file and alluringly entitled “iPhone 5 Battery” has been found in the wild and is exploiting a known security flaw in Flash, one for which Adobe issued a security update on 14 August.

The document contains what looks like a genuine article about leaked iPhone 5 battery images (that article was originally published by TechCrunch on 10 August). The vulnerability, commonly known as CVE-2012-1535, is exploited on opening the Word document.

This opens a backdoor, known as c0d0so0 or Backdoor Briba, which is used to contact a remote server to download an executable file encapsulated in a ZIP and disguised as a GIF.

Security company AlienVault pointed out that Dynamic DNS providers like DynDNS.org are a common denominator and urged companies to investigate whether computers on their network were contacting suspicious subdomains using DDNS companies.
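One way to run the check AlienVault recommends is to group resolver log entries by client and list the DDNS-hosted names each one looked up. This is an added example, not code from AlienVault or the article; the log format, the sample lines and every zone other than dyndns.org are assumptions.

```python
from collections import defaultdict

# Assumption: illustrative provider zones; only DynDNS.org is named in the article.
DDNS_ZONES = {"dyndns.org", "no-ip.org", "3322.org"}

# Constructed sample resolver log: "<timestamp> <client IP> <record type> <queried name>"
SAMPLE_LOG = """\
2012-08-20T09:14:02Z 10.0.4.17 A www.example.com.
2012-08-20T09:14:05Z 10.0.4.17 A update1.DynDNS.org.
2012-08-20T09:14:09Z 10.0.4.23 A notdyndns.org.
2012-08-20T09:15:40Z 10.0.4.17 A update1.dyndns.org.
2012-08-20T09:16:11Z 10.0.7.88 A host42.3322.org
2012-08-20T09:16:12Z 10.0.7.88 A dyndns.org.cdn.example.net.
malformed line
"""

def ddns_zone(qname, zones=DDNS_ZONES):
    """Return the DDNS zone that qname is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole label suffixes so "notdyndns.org" and
    # "dyndns.org.cdn.example.net" are not mistaken for DDNS hosts.
    # Starting at 1 skips the provider's own apex (e.g. "dyndns.org").
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def ddns_lookups(log_text, zones=DDNS_ZONES):
    """Map client IP -> {DDNS hostname: number of queries}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, _, qname = fields
        if ddns_zone(qname, zones):
            hits[client][qname.rstrip(".").lower()] += 1
    return {client: dict(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(ddns_lookups(SAMPLE_LOG).items()):
        for name, count in sorted(names.items()):
            print(f"{client}\t{name}\t{count}")
```

A hit only shows that a host resolved a DDNS-hosted name; each listed subdomain still has to be reviewed against what that machine is expected to contact.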

Expect a rise in virus-related malware infections as well as scams while the build-up to the launch of the iPhone 5 and, possibly, of the iPad mini continues for a few more weeks.

Source: AlienVault Labs

Desire worked at ITProPortal right at the beginning and was instrumental in turning it into the leading publication we all know and love today. He then moved on to be the Editor of TechRadarPro - a position he still holds - and has recently been reunited with ITProPortal since Future Publishing's acquisition of Net Communities.