W32.Flamer: spreading mechanism tricks and exploits

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

W32.Flamer: spreading mechanism tricks and exploits
Flamer Blog3 Figure3 Spread.jpg
Botnet Flamer
Malware Flamer (bot)
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 1 juin 2012
Editor/Conference Symantec
Link http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits (Archive copy)
Author
Type

Abstract

Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:

  • Through network shares using captured credentials, including Domain Administrator
  • Through the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE-2010-2729), previously used by Stuxnet
  • Through removable media using a specially crafted autorun.inf file, previously seen used by Stuxnet
  • Through removable drives using a special directory that hides the files and can result in automatic execution on viewing the USB drive when combined with the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic * File Execution Vulnerability (CVE-2010-2568), a vulnerability previously used by Stuxnet

Bibtex

 @misc{2012BFR1021,
   editor = {Symantec},
   author = {},
   title = {W32.Flamer: spreading mechanism tricks and exploits},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits}},
 }