APT Attack Technical Analysis

By | August 20, 2014
We have got this sample from corporate management computer from US & India. This word document was sent to CEO emails. Once opened it could monitor his entire activity(keystrokes) and upload files(document,excel, PPT) from his computer to a server which is hosted by the hacker. We have sent the samples to most of the antivirus/security companies around the world and uploaded the sample on virustotal so that all antivirus companies get the sample of this APT attack and protect the people across the world.
Such attacks are going to happen, the antivirus technologies are still primitive. Most antivirus products are not able to detect the word document exploit code(only 11 products around the world can handle exploit finding inside MS office files). The antivirus software give false sense of security to the customers. CSPF strongly recommends that customers start testing out these antivirus/security product rather then go by their claims. CSPF has observed that this word exploit has been around for last two years and only 11 products/ 55 antivirus find it.
Next time when you get a word doc, excel, pdf, ppt think twice to open it. The email could be spoofed to make it look like its coming from some one you know.

Leave a Reply

Your email address will not be published. Required fields are marked *