How I Cracked a Keylogger and Ended Up in Someone's Inbox
Posted: Monday, 01 Aug 2016, Author: Rodel Mendrez, SpiderLabs Blog (Trustwave)

It all started from a spam campaign. Figure 1 shows a campaign we
picked up recently from our spam traps carrying a suspicious document
attachment. The attachment uses the ".doc" file extension but is actually
in RTF (Rich Text Format). The file contains a specially crafted RTF
stack-overflow exploit, which we identified as CVE-2010-3333, a
vulnerability in the way the Microsoft Word RTF parser handles the
"pFragments" shape property. This vulnerability had been patched more
than half a decade ago.
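Two checks a handler would want to automate for an attachment like this are (1) whether a file named ".doc" is really an OLE2 Word document or an RTF, and (2) whether the RTF carries a "pFragments" shape property whose "\sv" value is an oversized hex blob, the shape CVE-2010-3333 samples take. The script below is an added example, not code from the SpiderLabs post; the sample bytes are constructed for the demo and are not a working exploit, and the 200-character threshold is an assumed triage heuristic, not a value from the post.

```python
"""Triage helper: is this ".doc" really an RTF, and does it carry an
oversized pFragments value?  Added example; sample data is constructed."""
import re
from pathlib import PurePosixPath

RTF_MAGIC = b"{\\rt"                                 # '{\rtf1' (Word also accepts '{\rt')
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"     # binary .doc (OLE2 compound file)

# Assumed heuristic: benign pFragments values are short; exploit samples
# carry hundreds to thousands of hex digits in the \sv value.
SUSPICIOUS_SV_LEN = 200

# {\sn pFragments}{\sv <value>}  -- capture the property value
PFRAGMENTS_RE = re.compile(
    rb"\{\\sn\s*pFragments\s*\}\s*\{\\sv\s*([^}]*)\}", re.IGNORECASE)


def detect_format(data: bytes) -> str:
    """Classify by leading bytes: 'rtf', 'ole2' or 'unknown'."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a file named .doc is not an OLE2 compound document."""
    ext = PurePosixPath(filename).suffix.lower()
    return ext == ".doc" and detect_format(data) != "ole2"


def pfragments_indicators(data: bytes) -> list:
    """Lengths of every pFragments \\sv value found in the RTF body."""
    return [len(m.group(1).strip()) for m in PFRAGMENTS_RE.finditer(data)]


def triage(filename: str, data: bytes) -> dict:
    """Combine the checks into one verdict dictionary."""
    fmt = detect_format(data)
    sv_lengths = pfragments_indicators(data) if fmt == "rtf" else []
    return {
        "format": fmt,
        "extension_mismatch": extension_mismatch(filename, data),
        "pfragments_count": len(sv_lengths),
        "oversized_pfragments": any(n >= SUSPICIOUS_SV_LEN for n in sv_lengths),
    }


# Constructed samples (not real malware): an RTF with a long pFragments
# value, a plain RTF, and the first bytes of a genuine OLE2 .doc.
SAMPLE_SUSPICIOUS = (b"{\\rtf1\\ansi{\\shp{\\*\\shpinst"
                     b"{\\sp{\\sn pFragments}{\\sv 1;4;" + b"41" * 150 + b"}}}}}")
SAMPLE_BENIGN_RTF = b"{\\rtf1\\ansi Quarterly notes.}"
SAMPLE_OLE2 = OLE2_MAGIC + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("invoice.doc", SAMPLE_SUSPICIOUS),
                       ("notes.doc", SAMPLE_BENIGN_RTF),
                       ("report.doc", SAMPLE_OLE2)):
        print(name, triage(name, blob))
```

The extension check alone already flags the lure in the post (a ".doc" that begins with "{\rt"); the pFragments check narrows the hit to the CVE-2010-3333 pattern, and a mismatch on either is reason enough to pull the attachment for sandboxing rather than open it.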
After a short while, SMTP network activity was observed in which the
system information of the infected host was sent to the attacker's email
address.

