New Flash exploit used to distribute credential-stealing malware

The exploit is embedded into documents distributed as email attachments, researchers from Kaspersky Lab said

A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online services, according to researchers from antivirus firm Kaspersky Lab.

Adobe released new versions of Flash Player for Windows, Mac and Linux Tuesday in order to address a critical remote code execution vulnerability for which, the company said, an exploit existed in the wild. Kaspersky Lab researchers Alexander Polyakov and Anton Ivanov were credited with reporting the vulnerability.

Eleven SWF (Flash) exploit files that targeted this vulnerability were found, but only one of them contained an executable file as a payload, the Kaspersky Lab researchers said Wednesday in a blog post about their findings.

Some of the other exploits were designed to execute a file from URLs passed to them as a parameter, but the researchers couldn't identify the actual URLs that attackers had used or the files they pointed to.

The SWF files came embedded into .docx files -- Microsoft Word documents -- that had Korean names, but were found on computers in China, the researchers said.

In one case one of the rigged documents was sent as an attachment to an email address registered with, a Chinese email provider, and was opened from an email client on a computer running Mac OS 10.6.8. However, the exploit was clearly designed to target Windows users.

In two other cases the malicious docx files were found on Windows 7 machines in the cache of Internet browsers, particularly a browser of Chinese origin called Sogou Explorer. This doesn't mean the files hadn't been delivered via email, the Kaspersky researchers said.

The only recovered payload consisted of an executable file that acted as a downloader for additional malware files. The Kaspersky researchers were able to recover two such files.

The first one was a Trojan program designed to steal log-in credentials saved in locally installed programs including Foxmail, OperaMail, Opera, Mozilla Firefox, Safari, IncrediMail, Pidgin and Thunderbird, the Kaspersky researchers said. It also steals data entered into Web forms on a variety of websites, many of which are webmail providers. The list of targeted websites includes Twitter, Facebook, Yahoo, Google,,, Yandex,,,,,,, and others.

The second file is a backdoor program that works in conjunction with the first malware, the researchers said. It connects to three command-and-control servers and downloads additional DLL files hidden inside JPEG images.

"We are continuing to follow the bot's activity," the Kaspersky researchers said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwareadobespywarekaspersky labExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments





Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?