Trend Micro Security Blog

Posted by truschel at 2020-04-17

Trend Micro has confirmed attack code (an exploit) that uses the zero-day vulnerability described in Microsoft Security Advisory (2914486) ("CVE-2013-5065"), released on 27 November 2013. According to Microsoft, this vulnerability affects Windows XP and Windows Server 2003. It is a vulnerability of the kind generally called "elevation of privilege", which allows an attacker to view and delete data on an infected PC, install programs, and create accounts with administrator privileges.

We have confirmed that this exploit was used in a targeted attack. In that case, a malicious PDF file (detected as "TROJ_PIDIEF.GUD") executes malicious code by exploiting the vulnerability "CVE-2013-3346" in Adobe Reader and Adobe Acrobat. Use of the zero-day vulnerability "CVE-2013-5065" was confirmed alongside it. As a result, a backdoor-type malicious program (detected as "BKDR_TAVDIG.GUD") is created on the PC. Once created, "BKDR_TAVDIG.GUD" downloads and executes files and sends system information to the command and control (C&C) server.

This case should remind users of the importance of updating the Windows OS to the latest version. Last April, Microsoft announced that Windows XP support will end in April 2014. Because vulnerabilities will no longer be fixed after support ends, users who keep running Windows XP will be at serious risk, with no fundamental remedy against attacks that exploit such vulnerabilities.

Users running versions of Windows newer than Windows XP and Windows Server 2003 are not affected by this threat. For users of Trend Micro products, the malicious programs associated with this threat are detected and removed by the "driggling" technology of our cloud-based security, "Trend Micro Smart Protection Network".

We are still monitoring this threat and we will inform you through this blog as soon as new analytical results are found. We will also publish a detailed article about this threat.

Core Technology Marketing, TrendLabs