Symantec reports that cybercrooks are sending e-mail spam containing a fresh exploit for Adobe Flash Player, taking advantage of the high interest in the new iPhone model expected next month. The criminals send messages with a .doc file attachment named something like “iPhone 5 battery”. The text of the messages encourages users to open the attachment and read its content.
“The .doc files attached to the email contain hidden malicious .swf files. The .swf files then drop more files onto the compromised computer,” the experts say. Symantec also gives examples of the dropped files:
- %Temp%\~WRD0001.doc
- %Temp%\Word8.0\ShockwaveFlashObjects.exd
- %UserProfile%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
The malicious code exploits the CVE-2012-1535 vulnerability in Adobe Flash Player, which was patched on August 14, almost simultaneously with the release of Microsoft's monthly patches. Adobe stated that the vulnerability had been actively exploited.
The Symantec advisory is accessible here.
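One way a mail gateway or analyst could triage attachments like those described above is to look for Flash file headers (FWS, or zlib-compressed CWS) inside the document bytes. This is an added example, not Symantec's code: the function names and sample bytes are constructed, and it assumes the embedded SWF is stored contiguously in the container.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc (OLE2) files

def make_sample_swf(compressed: bool) -> bytes:
    """Constructed, harmless SWF-shaped blob (header plus zero bytes)."""
    body = b"\x00" * 64
    length = struct.pack("<I", 8 + len(body))  # declared uncompressed size
    if compressed:
        return b"CWS\x0a" + length + zlib.compress(body)
    return b"FWS\x0a" + length + body

def build_sample_doc() -> bytes:
    """Constructed attachment: OLE magic, decoy text, two embedded blobs."""
    return (OLE_MAGIC + b"\x00" * 504 + b"text mentioning FWS and CWS only"
            + make_sample_swf(True) + b"\x00" * 32
            + make_sample_swf(False) + b"\x00" * 16)

def _starts_zlib(chunk: bytes) -> bool:
    # A CWS body is a zlib stream; a bad header raises zlib.error.
    try:
        zlib.decompressobj().decompress(chunk)
        return len(chunk) >= 2
    except zlib.error:
        return False

def find_embedded_swf(data: bytes, max_len: int = 50 * 1024 * 1024):
    """Return [(offset, signature, version, declared_length)] for plausible SWF headers."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                declared = struct.unpack("<I", header[4:8])[0]
                # Loose sanity bounds (assumption) to discard plain-text matches.
                ok = 1 <= version <= 50 and 8 < declared <= max_len
                if ok and sig == b"FWS":
                    ok = declared <= len(data) - pos  # whole file must fit
                if ok and sig == b"CWS":
                    ok = _starts_zlib(data[pos + 8:pos + 8 + 512])
                if ok:
                    hits.append((pos, sig.decode(), version, declared))
            pos = data.find(sig, pos + 1)
    return sorted(hits)
```

A hit in a .doc attachment is a reason to quarantine it for analysis, not proof of an exploit; legitimate documents can also embed Flash content.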