Ghost Rat trojan used in huge spy ring stoppable?

Discussion in 'malware problems & news' started by true north, Mar 31, 2009.

Thread Status:
Not open for further replies.
  1. true north

    true north Registered Member

    Joined:
    Dec 14, 2006
    Posts:
    159
  2. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I scrolled through, and found mention of a pdf/doc file, but nothing on how it works. Is it .doc macro -> download trojan.exe -> install?
     
  4. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    It seems they used an embedded trojan downloader in DOC files and used PDF exploits to install the malware.

    More info at Sunbelt Blog. Alex has made available the whole 53-page in-depth report there (along with the synopsis I had posted earlier).
    http://sunbeltblog.blogspot.com/2009/03/ghostnet.html
     
    Last edited: Apr 1, 2009
  5. Dogbiscuit

    Dogbiscuit Guest

    In one email attachment documented here (Page 21), the exploit code made use of a 2 1/2-year-old known vulnerability, CVE-2006-2492, that affected Microsoft Word and Microsoft Works.

    It looks as if the machine in question was not up to date with software patches, and that's how opening a document compromised the system, at least in this case.
     