CVE-2012-1875

显示全部楼层 · 发表于 2012-6-14 02:47:12

本帖最后由 360Tencent 于 2012-6-19 01:18 编辑

火热出炉，微软6月份IE 补丁修复的 CVE-2012-1875

http://blogs.mcafee.com/mcafee-l ... ernet-explorer-flaw

http://labs.alienvault.com/labs/ ... ting-cve-2012-1875/

http://www.symantec.com/connect/ ... d-part-1-trojannaid

根据博客内容，exploit 下载的payload

http://support.clean-mx.de/clean-mx/viruses?id=1658294

VT报告（几天前的检测率是3/41）

其余两个博客里提到的payload链接

1.http://www.scumware.org/report/46.37.2.64(VT报告) RAT (Remote Access Tools).

C&C server for that RAT is online (ip address 219.90.117.132)

219.90.117.128 – 219.90.117.159
China Shenzhen Soul Tech Co. Ltd

C&C服务器位于中国深圳

2. http://140.109.236.143/english/cala.exe

显示全部楼层 · 发表于 2012-6-14 10:06:03

本帖最后由 Dust-;羅錠于 2012-6-14 10:08 编辑

哪个才是样本？

显示全部楼层 · 发表于 2012-6-14 11:20:43

Dust-;羅錠发表于 2012-6-14 10:06
哪个才是样本？

安全相关

显示全部楼层 · 发表于 2012-6-14 11:42:05

IE的“黑8”漏洞，由360安全中心报告给微软的。

显示全部楼层 · 发表于 2012-6-15 19:00:38

显示全部楼层 · 发表于 2012-6-15 19:07:19

5L

ESET killed 2x.

C:\Users\TOSHIBA\Desktop\cve-2012-1875\cve-2012-1875\34ea070fa3a6d27dd4b261e7b396ce69cfdec81d6ac3bf4f9b44469da8c63934_92FB87804413B1E3D2BFB128B00FEF0F_Cve-2012-0185 - JS/Exploit.CVE-2012-1875.A.Gen 特洛伊木马
C:\Users\TOSHIBA\Desktop\cve-2012-1875\cve-2012-1875\95855c20085476a5c1dff2f355d34891849d9c53265ee427b584fcf24073e726_0398139DC9E451270DF282253959DAF6_cve-2012-0185 - JS/Exploit.CVE-2012-1875.A.Gen 特洛伊木马

To AVG.

显示全部楼层 · 发表于 2012-6-16 23:40:36

360Tencent 发表于 2012-6-15 19:00

密码是多少啊

显示全部楼层 · 发表于 2012-6-16 23:43:33

xue_niao 发表于 2012-6-16 23:40
密码是多少啊

infected

显示全部楼层 · 发表于 2012-6-16 23:47:36

hx1997 发表于 2012-6-16 23:43
infected

谢谢啊

显示全部楼层 · 发表于 2012-6-16 23:51:28

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC01179534.

We received the following archive files:

File ID Filename Size (Byte)                Result
26942659 cve-2012-1875.rar 6.69 KB    OK

A listing of files contained inside archives alongside their results can be found below:

File ID Filename Size (Byte)                               Result
26942660 34ea070fa3a6d27dd4b2...85 9.71 KB    MALWARE
26942661 95855c20085476a5c1df...85 11.08 KB    MALWARE

Please find a detailed report concerning each individual sample below:

Filename                            Result
34ea070fa3a6d27dd4b2...85 MALWARE

The file '34ea070fa3a6d27dd4b261e7b396ce69cfdec81d6ac3bf4f9b44469da8c63934_92FB87804413B1E3D2BFB128B00FEF0F_Cve-2012-0185' has been determined to be 'MALWARE'. Our analysts named the threat EXP/CVE-2012-1875.A. The term "EXP/" denotes malware that is able to detect and use certain security vulnerabilities whereby the attacker can get control of the system. Detection is added to our virus definition file (VDF) starting with version 7.11.32.234.

Filename                            Result
95855c20085476a5c1df...85    MALWARE

The file '95855c20085476a5c1dff2f355d34891849d9c53265ee427b584fcf24073e726_0398139DC9E451270DF282253959DAF6_cve-2012-0185' has been determined to be 'MALWARE'. Our analysts named the threat EXP/CVE-2012-1875.A. The term "EXP/" denotes malware that is able to detect and use certain security vulnerabilities whereby the attacker can get control of the system. Detection is added to our virus definition file (VDF) starting with version 7.11.32.234.

[其他相关] CVE-2012-1875

评分

本帖子中包含更多资源