Attack Detailed
The proof of concept for this vulnerability was made public some time last week.
The website in question is a news agency and carries articles on some reality show winners.
It is detected by ESET as Win32/Exploit.CVE-2014-6332.A.
The exploit is based on proof-of-concept code published by a Chinese researcher.
This is the part which has been modified by the attacker.
The attacker has used a Visual Basic script for the exploit.
natmasla.exe>>%TEMP%\KdFKkDls.txt&@echo !
Then the file is passed to the ftp command.
It will connect to an ftp server with a username/password, download a binary, and execute it.
The downloaded binary has been detected by ESET as Win32/IRCBot.NHR.
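The chain described above (commands echoed into a text file under %TEMP%, then that file handed to ftp) can be hunted for in process-creation logs. The following is an added example, not code from the original article or from ESET; the event fields, host name and file name are constructed, and it assumes the file is passed with ftp.exe's `-s:` script switch and that events arrive in time order.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style); not from the article.
SAMPLE_EVENTS = [
    {"pid": 4100, "parent": "iexplore.exe", "image": "cmd.exe",
     "cmd": r'cmd.exe /c echo open ftp.example.test>>%TEMP%\sample.txt&@echo user>>%TEMP%\sample.txt'},
    {"pid": 4188, "parent": "cmd.exe", "image": "ftp.exe",
     "cmd": r'ftp -s:%TEMP%\sample.txt'},
    {"pid": 5200, "parent": "explorer.exe", "image": "ftp.exe",
     "cmd": r'ftp ftp.example.test'},                      # interactive use, no script file
    {"pid": 5300, "parent": "cmd.exe", "image": "cmd.exe",
     "cmd": r'cmd.exe /c echo done>>C:\logs\build.txt'},   # redirect never fed to ftp
]

# "echo ... > file" or "echo ... >> file": capture the redirect target.
ECHO_REDIRECT = re.compile(r'echo\b[^&|]*?>{1,2}\s*"?([^\s"&|>]+)', re.IGNORECASE)
# ftp.exe's -s:<file> switch runs the commands stored in <file>.
FTP_SCRIPT = re.compile(r'\bftp(?:\.exe)?"?\s+.*?-s:"?([^\s"]+)', re.IGNORECASE)


def normalise(path):
    """Case-fold and unquote so %TEMP% and %temp% compare equal."""
    return path.strip('"').lower()


def find_ftp_script_chains(events):
    """Return one alert per ftp -s:<file> whose <file> was earlier written by echo."""
    written = {}   # normalised path -> pid of the first process that wrote it
    alerts = []
    for ev in events:
        for target in ECHO_REDIRECT.findall(ev["cmd"]):
            written.setdefault(normalise(target), ev["pid"])
        match = FTP_SCRIPT.search(ev["cmd"])
        if match and normalise(match.group(1)) in written:
            path = normalise(match.group(1))
            alerts.append({
                "script": path,
                "writer_pid": written[path],
                "ftp_pid": ev["pid"],
                # A script file in a temp directory raises confidence further.
                "in_temp": "%temp%" in path or "\\temp\\" in path,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_ftp_script_chains(SAMPLE_EVENTS):
        print(alert)
```

Interactive ftp sessions and ordinary echo redirects do not alert on their own; only the pairing of the two on the same file does.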
No real attacks have yet been reported using this exploit.
Researchers expected this since it is a very new exploit.
Users are advised to run Windows Update and patch their PCs immediately.
source: www.techworm.net