Flash zero day phished phoolish Microsoft Office users
If you 'must' run Flash, run EMET, hacker begs.
FireEye has detailed an attack on a recent zero-day vulnerability Adobe patched last week.
The flaw (CVE-2016-4117) affects the Flash Player release that preceded last week's update and received a rushed patch after FireEye reported attacks in the wild.
Genwei Jiang, a Singaporean senior security engineer with FireEye, has revealed details of the previously undisclosed phishing attacks he reported and says the exploit is being actively used.
Victims need to be running Windows, Flash and Microsoft Office, and to have opened either a phishing link or an attached file.
"Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their web server, and used a Dynamic DNS domain to reference the document and payload," Jiang says.
"With this configuration, the attackers could disseminate their exploit via URL or email attachment.
"Although this vulnerability resides within Adobe Flash Player, threat actors designed this particular attack for a target running Windows and Microsoft Office."
The attack chain is typical of such campaigns: the shellcode establishes a command-and-control connection, executes the malware, and then displays a decoy document so the victim ideally notices nothing amiss.
The vulnerability remains valuable to attackers because the patch was released only four days ago and many systems will not yet have applied it.
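Jiang's description boils down to a Flash object carried inside an Office file and delivered by mail or URL. The script below is an added example, not FireEye's or the article's code, showing how a responder might triage an Office attachment for that delivery vector: it treats an OOXML package as the zip it is, scans every part for SWF headers (FWS, CWS and ZWS), looks for the Shockwave Flash ActiveX CLSID in the activeX parts, and for zlib-compressed SWFs confirms the stream actually decompresses to the declared length rather than trusting three magic bytes. The sample document and the SWF inside it are constructed filler built in memory, not an exploit, and the function names are mine.

```python
import io
import re
import struct
import zipfile
import zlib

# CLSID of the Shockwave Flash ActiveX control, as referenced from OOXML activeX parts.
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
# A SWF starts with FWS (uncompressed), CWS (zlib) or ZWS (LZMA), then a one-byte
# version and a little-endian uncompressed length that includes the 8-byte header.
SWF_MAGIC = re.compile(rb"[FCZ]WS")


def find_swf_headers(blob):
    """Return (offset, kind, version, declared_length, verified) for each plausible
    SWF header in blob. 'verified' means the declared length is consistent with the
    data: the body fits inside the blob for FWS, or the zlib stream decompresses to
    the declared length for CWS. ZWS (LZMA) bodies are reported but left unverified."""
    hits = []
    for m in SWF_MAGIC.finditer(blob):
        off = m.start()
        if off + 8 > len(blob):
            continue
        kind = blob[off:off + 3].decode("ascii")
        version = blob[off + 3]
        declared = struct.unpack_from("<I", blob, off + 4)[0]
        if not 1 <= version <= 50 or declared < 8:
            continue  # the letters appear in ordinary data; no sane header follows
        verified = False
        if kind == "FWS":
            verified = off + declared <= len(blob)
        elif kind == "CWS":
            d = zlib.decompressobj()
            try:
                body = d.decompress(blob[off + 8:])
                verified = d.eof and len(body) == declared - 8
            except zlib.error:
                verified = False
        hits.append((off, kind, version, declared, verified))
    return hits


def scan_office_document(data):
    """Scan the raw bytes of an Office file. OOXML packages (docx/xlsx/pptx) are
    zips, so every part is scanned and the Flash CLSID is searched for as well;
    anything else (for example a legacy OLE2 .doc) is scanned as a single blob.
    Returns a list of (part_name, finding) tuples."""
    findings = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = [(name, z.read(name)) for name in z.namelist()]
    else:
        parts = [("<raw>", data)]
    for name, part in parts:
        if FLASH_CLSID in part.upper():
            findings.append((name, "flash-activex-clsid"))
        for _off, kind, version, _declared, ok in find_swf_headers(part):
            state = "verified" if ok else "unverified"
            findings.append((name, f"swf-{kind}-v{version}-{state}"))
    return findings


def build_sample_docx():
    """Constructed sample: a minimal OOXML package whose activeX part holds a
    zlib-compressed SWF. The SWF body is filler bytes, not an exploit."""
    body = bytes(range(256)) * 2  # stands in for the SWF tag stream
    swf = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    activex_xml = ('<ax:ocx xmlns:ax="urn:schemas-microsoft-com:office:activeX" '
                   'ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/activeX/activeX1.xml", activex_xml)
        z.writestr("word/activeX/activeX1.bin", swf)
    return buf.getvalue()


if __name__ == "__main__":
    for part, finding in scan_office_document(build_sample_docx()):
        print(f"{part}: {finding}")
```

On the constructed sample this reports the CLSID in `word/activeX/activeX1.xml` and a verified version-9 CWS in `word/activeX/activeX1.bin`. A real mail gateway would run the same logic over attachments before they reach a user; an unverified hit is worth a second look rather than a dismissal, since a truncated or LZMA-packed SWF still indicates Flash content where none belongs.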
Jiang says users who cannot give up Flash must patch their systems and should consider deploying Microsoft's well-regarded Enhanced Mitigation Experience Toolkit (EMET).
That latter advice matters most on versions of Windows older than Windows 10, which lack the exploit mitigations EMET provides and which are largely built into the newer operating system. ®