Windows 0-day is exploited to install creepy Finspy malware (again)

by Dan Goodin, from Ars Technica
The WSDL parser, where the zero-day was located. (credit: FireEye)

On Tuesday, Microsoft patched a previously unknown vulnerability that researchers say was actively exploited by an undisclosed nation to install surveillance malware on one or more vulnerable computers.

The exploit, according to a blog post published Tuesday by security firm FireEye, was embedded in a Microsoft Word document. Once opened, the document exploited a zero-day vulnerability in Microsoft's .NET Framework. The exploit caused the targeted computer to install Finspy (sometimes "FinSpy"), a family of surveillance software that its controversial developer, UK-based Gamma Group, sells to governments throughout the world. Tuesday's blog post said the document might have been used to infect an unnamed "Russian speaker." The vulnerability, indexed as CVE-2017-8759, comes five months after FireEye disclosed a different zero-day being used to distribute Finspy.

"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," FireEye researchers wrote. "Furthermore, Finspy has been sold to multiple clients, suggesting the vulnerability was being used against other targets."
