Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilit

Minimalist · Aug 22, 2019

Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.
Click to expand...

https://blog.trendmicro.com/trendla...ough-old-ms-office-and-adobe-vulnerabilities/

Rasheed187 · Aug 31, 2019

I remember that my old HIPS named Neoava Guard had the ability to block modification of .EXE files. Funny to see that file invectors are still a thing.

itman · Aug 31, 2019

This is interesting. TrendMicro in their article at the end posts an IOC hash. Their own product on VT doesn't have a detection for it. Housecalls detects but not regular Trend engine installed there.

Log in or Sign up

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilit

Minimalist Registered Member

Rasheed187 Registered Member

itman Registered Member

Log in or Sign up

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilit

Minimalist Registered Member

Rasheed187 Registered Member

itman Registered Member

Useful Searches