10 - TA14-300A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	TA14-300A	First vendor Publication	2014-10-27
Vendor	US-CERT	Last vendor Modification	2014-10-27
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s).[1][2] Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware.

Description

The Dyre banking malware specifically targets sensitive user account credentials. The malware has the ability to capture user login information and send the captured data to malicious actors.[3] Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader.[4][5] After successful exploitation, a user's system will download Dyre banking malware. All of the major anti-virus vendors have successfully detected this malware prior to the release of this alert.[6]

Please note, the below listing of indicators does not represent all characteristics and indicators for this campaign.

Phishing Email Characteristics:

Subject: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)

Attachment: Invoice621785.pdf

System Level Indicators (upon successful exploitation):

Copies itself under C:\Windows\[RandomName].exe

Created a Service named "Google Update Service" by setting the following registry keys:
- HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: "C:\WINDOWS\pfdOSwYjERDHrdV.exe"
- HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: "Google Update Service"

Impact

A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services.

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:

Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks [7] for more information on social engineering attacks.

Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.[8]

Follow safe practices when browsing the web. See Good Security Habits [9]and Safeguarding Your Data [10] for additional details.

Maintain up-to-date anti-virus software.

Keep your operating system and software up-to-date with the latest patches.

US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report@us-cert.gov.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA14-300A.html

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
50 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16717

Oval ID:	oval:org.mitre.oval:def:16717
Title:	Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727
Description:	Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-2729	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Version of Adobe Reader 9 is less than 9.5.5 Adobe Reader 9 Series is installed AND Version of Adobe Reader is less than 9.5.5 OR Version of Adobe Reader 10 is less than 10.1.7 Adobe Reader 10.x is installed AND Version of Adobe Reader is less than 10.1.7 OR Version of Adobe Reader 11 is less than 11.0.03 Adobe Reader 11.x is installed AND Version of Adobe Reader is less than 11.0.03 OR Version of Adobe Acrobat 9 is less than 9.5.5 Adobe Acrobat 9 Series is installed AND Version of Adobe Acrobat is less than 9.5.5 OR Version of Adobe Acrobat 10 is less than 10.1.7 Adobe Acrobat 10.x is installed AND Version of Adobe Acrobat is less than 10.1.7 OR Version of Adobe Acrobat 11 is less than 11.0.03 Adobe Acrobat 11.x is installed AND Version of Adobe Acrobat is less than 11.0.03

Definition Id: oval:org.mitre.oval:def:22083

Oval ID:	oval:org.mitre.oval:def:22083
Title:	ELSA-2010:0114: acroread security and bug fix update (Critical)
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	acroread
Definition Synopsis:
Oracle Linux 5.x rpm test acroread-plugin is earlier than 0:9.3.1-1.el5 AND acroread is earlier than 0:9.3.1-1.el5

Definition Id: oval:org.mitre.oval:def:22136

Oval ID:	oval:org.mitre.oval:def:22136
Title:	RHSA-2010:0114: acroread security and bug fix update (Critical)
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188	Version:	29
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	acroread
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section acroread-plugin is earlier than 0:9.3.1-1.el5 AND acroread is earlier than 0:9.3.1-1.el5

Definition Id: oval:org.mitre.oval:def:8697

Oval ID:	oval:org.mitre.oval:def:8697
Title:	Adobe Reader and Acrobat Null Pointer Dereference Denial of Service Vulnerability
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0188	Version:	16
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.2.1 AND Adobe Reader library is less than 8.2.1 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.3.1 AND Adobe Reader library is less than 9.3.1 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.2.1 AND Adobe Acrobat library is less than 8.2.1 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than 9.3.1 AND Adobe Acrobat library is less than 9.3.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:2.3:a:adobe:acrobat:11.0.2:::::::* cpe:2.3:a:adobe:acrobat:11.0.1:::::::* cpe:2.3:a:adobe:acrobat:11.0:::::::* cpe:2.3:a:adobe:acrobat:10.1.6:::::::* cpe:2.3:a:adobe:acrobat:10.1.5:::::::* cpe:2.3:a:adobe:acrobat:10.1.4:::::::* cpe:2.3:a:adobe:acrobat:10.1.3:::::::* cpe:2.3:a:adobe:acrobat:10.1.2:::::::* cpe:2.3:a:adobe:acrobat:10.1.1:::::::* cpe:2.3:a:adobe:acrobat:10.1:::::::* cpe:2.3:a:adobe:acrobat:10.0.3:::::::* cpe:2.3:a:adobe:acrobat:10.0.2:::::::* cpe:2.3:a:adobe:acrobat:10.0.1:::::::* cpe:2.3:a:adobe:acrobat:10.0.1:-:pro:::::* cpe:2.3:a:adobe:acrobat:10.0:::::::* cpe:2.3:a:adobe:acrobat:10.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:9.5.4:::::::* cpe:2.3:a:adobe:acrobat:9.5.3:::::::* cpe:2.3:a:adobe:acrobat:9.5.2:::::::* cpe:2.3:a:adobe:acrobat:9.5.1:::::::* cpe:2.3:a:adobe:acrobat:9.5:::::::* cpe:2.3:a:adobe:acrobat:9.4.7:::::::* cpe:2.3:a:adobe:acrobat:9.4.6:::::::* cpe:2.3:a:adobe:acrobat:9.4.6:-:::::: cpe:2.3:a:adobe:acrobat:9.4.5:::::::* cpe:2.3:a:adobe:acrobat:9.4.5:-:::::: cpe:2.3:a:adobe:acrobat:9.4.4:::::::* cpe:2.3:a:adobe:acrobat:9.4.4:-:::::: cpe:2.3:a:adobe:acrobat:9.4.3:::::::* cpe:2.3:a:adobe:acrobat:9.4.3:-:::::: cpe:2.3:a:adobe:acrobat:9.4.2:::::::* cpe:2.3:a:adobe:acrobat:9.4.2:-:::::: cpe:2.3:a:adobe:acrobat:9.4.1:::::::* cpe:2.3:a:adobe:acrobat:9.4.1:-:::::: cpe:2.3:a:adobe:acrobat:9.4:::::::* cpe:2.3:a:adobe:acrobat:9.3.4:::::::* cpe:2.3:a:adobe:acrobat:9.3.4:-:::::: cpe:2.3:a:adobe:acrobat:9.3.3:::::::* cpe:2.3:a:adobe:acrobat:9.3.2:::::::* cpe:2.3:a:adobe:acrobat:9.3.2:-:::::: cpe:2.3:a:adobe:acrobat:9.3.1:::::::* cpe:2.3:a:adobe:acrobat:9.3.1:-:::::: cpe:2.3:a:adobe:acrobat:9.3:::::::* cpe:2.3:a:adobe:acrobat:9.3:-:pro:::::* cpe:2.3:a:adobe:acrobat:9.2:::::::* cpe:2.3:a:adobe:acrobat:9.2:-:::::: cpe:2.3:a:adobe:acrobat:9.1.3:::::::* cpe:2.3:a:adobe:acrobat:9.1.3:-:::::: cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:-:::::: cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat:9.1:-:pro:::::* cpe:2.3:a:adobe:acrobat:9.0:::::::* cpe:2.3:a:adobe:acrobat:9.0:-:pro:::::*	55
Application	Adobe Acrobat Reader cpe:2.3:a:adobe:acrobat_reader:11.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:11.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:11.0:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:10.1:::::::* cpe:2.3:a:adobe:acrobat_reader:10.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:10.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:10.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:10.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.5.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.5.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.5.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.5.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.5:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.7:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.6:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.5:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*	47

SAINT Exploits

Description	Link
Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow	More info here

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201009-05 (acroread) File : nvt/glsa_201009_05.nasl
2010-02-26	Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_lin.nasl
2010-02-26	Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
62526	Adobe Reader / Acrobat LibTiff Overflow

Snort® IPS/IDS

Date	Description
2016-03-24	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 37829 - Revision : 2 - Type : FILE-PDF
2016-03-24	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 37828 - Revision : 2 - Type : FILE-PDF
2016-03-14	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 36192 - Revision : 3 - Type : FILE-PDF
2016-03-14	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 36191 - Revision : 3 - Type : FILE-PDF
2015-04-30	Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT
2015-04-30	Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT
2014-11-16	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31687 - Revision : 4 - Type : FILE-PDF
2014-11-16	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31686 - Revision : 3 - Type : FILE-PDF
2014-07-03	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31106 - Revision : 4 - Type : FILE-PDF
2014-07-03	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31105 - Revision : 4 - Type : FILE-PDF
2014-07-03	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31104 - Revision : 3 - Type : FILE-PDF
2014-07-03	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31103 - Revision : 3 - Type : FILE-PDF
2014-01-30	Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28890 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28889 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28888 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28887 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 28621 - Revision : 6 - Type : FILE-PDF
2014-01-10	Himan exploit kit payload - Adobe Reader compromise RuleID : 28308 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 28252 - Revision : 6 - Type : FILE-PDF
2014-01-10	Teletubbies exploit kit payload download RuleID : 27889 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit payload download RuleID : 27888 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 RuleID : 27880 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 RuleID : 27879 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26928 - Revision : 11 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26927 - Revision : 11 - Type : FILE-PDF
2014-01-10	Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834-community - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26804 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	BMP extremely large xpos opcodes RuleID : 26665 - Revision : 6 - Type : FILE-IMAGE
2014-01-10	BMP extremely large xpos opcodes RuleID : 26664 - Revision : 11 - Type : FILE-IMAGE
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26652 - Revision : 11 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26651 - Revision : 11 - Type : FILE-PDF
2014-01-10	iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Impact exploit kit landing page RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26233 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26232 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26094 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 25475 - Revision : 8 - Type : FILE-PDF
2014-01-10	Sweet Orange exploit kit obfuscated payload download RuleID : 25391 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25390 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25389 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25044 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page detected RuleID : 24888 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - JAR redirection RuleID : 24840 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 24839 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange User-Agent - contype RuleID : 24838 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange initial landing page RuleID : 24837 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23612 - Revision : 11 - Type : FILE-PDF
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23611 - Revision : 10 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23524 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23523 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malicious TIFF remote code execution attempt RuleID : 23522 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 23521 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 23520 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible malicious pdf cve-2010-0188 string RuleID : 23519 - Revision : 3 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23518 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23517 - Revision : 5 - Type : FILE-PDF
2014-01-10	Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10	Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Possible malicious pdf cve-2010-0188 string RuleID : 21537 - Revision : 4 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 21453 - Revision : 7 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 21429 - Revision : 10 - Type : FILE-PDF
2014-01-10	Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader malicious TIFF remote code execution attempt RuleID : 20577 - Revision : 13 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 18585 - Revision : 13 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 17215 - Revision : 12 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 17214 - Revision : 12 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 16490 - Revision : 15 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-437.nasl - Type : ACT_GATHER_INFO
2013-08-23	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-03.nasl - Type : ACT_GATHER_INFO
2013-05-19	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-8571.nasl - Type : ACT_GATHER_INFO
2013-05-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-130516.nasl - Type : ACT_GATHER_INFO
2013-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0826.nasl - Type : ACT_GATHER_INFO
2013-05-14	Name : The version of Adobe Acrobat installed on the remote Windows host is affected... File : adobe_acrobat_apsb13-15.nasl - Type : ACT_GATHER_INFO
2013-05-14	Name : The version of Adobe Reader on the remote Mac OS X host is affected by multip... File : macosx_adobe_reader_apsb13-15.nasl - Type : ACT_GATHER_INFO
2013-05-14	Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb13-15.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6879.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6881.nasl - Type : ACT_GATHER_INFO
2010-09-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-02-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0114.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb10-07.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-07.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-10-28 13:22:45	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	4
CPE ID(s)	102
Saint Exploit(s)	1
osvdb(s)	1
Openvas Exploit(s)	3
Snort® Rule(s)	179
Nessus® Exploit(s)	18

	Related
10	CVE-2013-2729
9.3	CVE-2010-0188
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)