Similar Searches

Related News

Latest News

Host Security for SCADA and ICS Systems Part 2

Password management for non-obvious accounts

Twilight author’s official website attacked

An Interesting Opportunity

Megaupload’s Kim Dotcom bursts the jail bubble

MIDI exploit in the wild

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability in the monthly patch release this January. Applying the patch is strongly recommended.
There are several components involved in this live attack:

a.exe
baby.mid
i.js
mp.html

Symantec products detect mp.html and i.js as Trojan.Malscript. The vulnerable baby.mid file is detected as Trojan Horse and the end-result file, a.exe, is flagged as Downloader.Darkmegi. The Downloader.Darkmegi detection also covers a couple of dropped files: com32.dll and com32.sys.
On the IPS side, i.js is blocked by the Web Attack: Malicious JavaScript signature while the initial exploit attempt is blocked by the Web Attack: Malicious JavaScript Heap Spray Generic signature.

Source: Symantec Connect - Security Response - Blog Entries

Write a Comment

Copyright © 2012 The Security Blog. All rights reserved.