W32.Flamer: spreading mechanism tricks and exploits
Jump to navigation
Jump to search
(Publication) Google search: [1]
| W32.Flamer: spreading mechanism tricks and exploits | |
|---|---|
| |
| Botnet | Flamer |
| Malware | Flamer (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 1 juin 2012 |
| Editor/Conference | Symantec |
| Link | http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits (Archive copy) |
| Author | |
| Type | |
Abstract
“ Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:
- Through network shares using captured credentials, including Domain Administrator
- Through the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE-2010-2729), previously used by Stuxnet
- Through removable media using a specially crafted autorun.inf file, previously seen used by Stuxnet
- Through removable drives using a special directory that hides the files and can result in automatic execution on viewing the USB drive when combined with the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic * File Execution Vulnerability (CVE-2010-2568), a vulnerability previously used by Stuxnet
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1021,
editor = {Symantec},
author = {},
title = {W32.Flamer: spreading mechanism tricks and exploits},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits}},
}