http://blog.fireeye.com/research/ Threat research, analysis, and mitigation | www.fireeye.com en-US 2013-02-28T22:30:52-08:00 FE_researchhttp://feedburner.google.com http://feedproxy.google.com/~r/FE_research/~3/SjSGjsOjPIA/yaj0-yet-another-java-zero-day-2.html Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed. Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the...<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/FE_research?a=SjSGjsOjPIA:px2RJk42fks:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/FE_research?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/FE_research/~4/SjSGjsOjPIA" height="1" width="1"/> Zero-day FireEye, Inc. 2013-02-28T22:30:52-08:00 http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html http://feedproxy.google.com/~r/FE_research/~3/bEtwOhMM9ZI/its-a-kind-of-magic-1.html In our last post we shared our initial analysis of the malware that is installed as a result of the PDF found in the wild that exploits the then-zero-day vulnerabilities, CVE-2013-0640 and CVE-2013-0641. Today we are sharing more details about this new malware, which we have dubbed "666." The following is not a complete analysis, but outlines some of the main functionality and its interesting features. At its heart, this malware is a remote administration...<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/FE_research?a=bEtwOhMM9ZI:C-hTIp1Cxuo:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/FE_research?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/FE_research/~4/bEtwOhMM9ZI" height="1" width="1"/> Exploit Research James T. Bennett 2013-02-28T17:30:00-08:00 http://blog.fireeye.com/research/2013/02/its-a-kind-of-magic-1.html http://feedproxy.google.com/~r/FE_research/~3/CvAYy3omTso/the-number-of-the-beast.html Yesterday, we sent out a warning regarding the PDF zero-day we found being exploited in the wild. Adobe has released a security advisory with mitigations. Here are more details about the attack. The JavaScript embedded in the crafted PDF is highly obfuscated using string manipulation techniques. Most of the variables in the JavaScript are in Italian. The JavaScript has version checks for various versions of Adobe Reader as shown below and it creates the appropriate...<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/FE_research?a=CvAYy3omTso:j17kX3AnlSA:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/FE_research?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/FE_research/~4/CvAYy3omTso" height="1" width="1"/> Vulnerability Research Zero-day James T. Bennett 2013-02-13T20:28:03-08:00 http://blog.fireeye.com/research/2013/02/the-number-of-the-beast.html http://feedproxy.google.com/~r/FE_research/~3/rFigWGCryps/in-turn-its-pdf-time.html [Update: February 13, 2013] We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document,...<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/FE_research?a=rFigWGCryps:86FqGt6o0TU:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/FE_research?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/FE_research/~4/rFigWGCryps" height="1" width="1"/> Botnet Research Exploit Research Malware Research Vulnerability Research Zero-day Yichong Lin 2013-02-12T21:31:24-08:00 http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html http://feedproxy.google.com/~r/FE_research/~3/657aEXU0KFk/lady-boyle-comes-to-town-with-a-new-exploit.html [Update: February 12, 2013] By now you have probably heard of the new zero-day exploit in Adobe flash that was patched today. FireEye Labs identified the exploit in the wild on February 5, 2013, which based on the compile time and document creation time is the same day the malicious payload was generated. Adobe PSIRT has released information about this threat here. They have also released an advisory with details on versions and platforms affected...<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/FE_research?a=657aEXU0KFk:8mNJZoMK8ow:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/FE_research?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/FE_research/~4/657aEXU0KFk" height="1" width="1"/> Exploit Research Malware Research Thoufique Haq 2013-02-07T19:30:59-08:00 http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html http://www.fireeye.com/images/FE_logo_horiz_sm.jpghttp://www.fireeye.com/