Posted on 31.03.2015
"The initial infection vector involves the use of spam emails coming from the moneytrans[.]eu domain, which acts as an open relay Simple Mail Transfer Protocol (SMTP) server. These emails include a malicious attachment packed with an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158)," Symantec's Christian Tripputi explained.
When the Excel attachment is opened on a host that still lacks the MS12-027 patch for CVE-2012-0158, the embedded exploit runs and drops a new reconnaissance Trojan with dropper capabilities, Laziok.
Laziok first collects system configuration data: computer name, RAM size, hard disk size, GPU and CPU details, the list of installed software and, in particular, which antivirus products are installed.
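As an added example, not code from the Symantec write-up or from this post, the Python below turns the two delivery indicators the page gives (relay through moneytrans[.]eu and an Excel attachment) into a mail triage check. Only those two indicators come from the page; the header handling, the sample messages and the 192.0.2.10 address are constructed for the example.

```python
"""Triage raw inbound mail for the Laziok delivery pattern: a message that
touched the moneytrans[.]eu relay and carries an Excel attachment.
Indicators come from the Symantec write-up; sample messages are constructed."""
import email
import email.policy
from email.utils import parseaddr

SPAM_RELAY_DOMAIN = "moneytrans.eu"          # from the write-up
EXCEL_EXTENSIONS = (".xls", ".xlsx", ".xlsm", ".xlsb")
EXCEL_CONTENT_TYPES = {                       # MIME types mail clients stamp on Excel files
    "application/vnd.ms-excel",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
}


def _domain_of(addr_header):
    """Lower-cased domain of an RFC 5322 address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def _touched_relay(msg, relay_domain):
    """True if From:, Return-Path: or any Received: hop names the relay domain."""
    if _domain_of(msg.get("From")) == relay_domain:
        return True
    if _domain_of(msg.get("Return-Path")) == relay_domain:
        return True
    return any(relay_domain in hop.lower() for hop in msg.get_all("Received", []))


def _excel_attachments(msg):
    """Filenames (or MIME types) of parts that look like Excel files."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXCEL_EXTENSIONS) or ctype in EXCEL_CONTENT_TYPES:
            found.append(part.get_filename() or ctype)
    return found


def triage(raw_message, relay_domain=SPAM_RELAY_DOMAIN):
    """Report which indicators matched; quarantine only when both match."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    from_relay = _touched_relay(msg, relay_domain)
    attachments = _excel_attachments(msg)
    return {
        "from_relay": from_relay,
        "excel_attachments": attachments,
        "quarantine": from_relay and bool(attachments),
    }


# Constructed sample: relayed via the spam domain, Excel attachment (OLE2 header in base64).
SAMPLE_HIT = """\
Return-Path: <invoice@moneytrans.eu>
Received: from mail.moneytrans.eu (mail.moneytrans.eu [192.0.2.10])
\tby mx.example.net with ESMTP; Tue, 31 Mar 2015 09:12:44 +0000
From: "Accounts" <invoice@moneytrans.eu>
To: ops@example.net
Subject: Outstanding invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--b1
Content-Type: application/vnd.ms-excel; name="invoice.xls"
Content-Disposition: attachment; filename="invoice.xls"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: Excel attachment from an unrelated sender, should not quarantine.
SAMPLE_BENIGN = SAMPLE_HIT.replace("moneytrans.eu", "example.org")

if __name__ == "__main__":
    for label, raw in (("hit", SAMPLE_HIT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(raw))
```

Requiring both indicators keeps the rule tight: an Excel attachment alone is everyday mail, and the relay domain alone could be abused for unrelated spam, so either one on its own is only a hint for further review.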