“There is no delight in owning anything unshared.”

Cyberattacks May 2013 – Malware on PRU 13 General Elections (Ubah!!)

As Malaysians get excited about voting day, which is held at least once every five years, a new piece of malware has been discovered: FinFisher (also called FinSpy). FinSpy is a commercially sold spyware package.


A Canada-based interdisciplinary laboratory discovered a sample of the FinFisher (a.k.a. FinSpy) surveillance software in a Microsoft Word document crafted specifically for Malaysia’s 2013 general elections.

The specifically crafted malware is capable of:

  • hijacking the camera and microphone.
  • infiltrating computers to grab screenshots.
  • recording chat conversations.
  • logging keystrokes.

Internet-based sources report that this attack targets Microsoft Word 2003. The document runs a VB macro, and a fake Firefox 14.0 named “WINWORD.exe” is created. The victim’s computer then communicates with the FinFisher command-and-control (C&C) servers at the following addresses:

168[.]144[.]97[.]39
117[.]121[.]241[.]86

Advisories:

  • Block the IP(s) 168.144.97.39 and 117.121.241.86
  • Be wary before clicking on links or opening files received from known/unknown sources.
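
To go with the blocking advisory above, this added example (not part of the original post or the F-Secure analysis) checks existing connection logs for hosts that already contacted the two C&C addresses. The log format, internal hosts and timestamps are constructed for illustration; only the two indicators come from the post.

```python
import ipaddress
import re

# Indicators exactly as published in the post (defanged notation).
DEFANGED_C2 = ["168[.]144[.]97[.]39", "117[.]121[.]241[.]86"]

def refang(indicator):
    """Turn '1[.]2[.]3[.]4' back into a validated IP address object."""
    return ipaddress.ip_address(indicator.replace("[.]", "."))

C2_ADDRESSES = {refang(i) for i in DEFANGED_C2}

# Candidate IPv4 tokens; the lookarounds stop matches inside longer numbers,
# so 168.144.97.3 or 1.117.121.241.86 cannot be mistaken for an indicator.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def find_c2_hits(log_lines):
    """Return (line_number, address, line) for each line naming a C&C address."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for token in IPV4_TOKEN.findall(line):
            try:
                address = ipaddress.ip_address(token)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if address in C2_ADDRESSES:
                hits.append((number, str(address), line))
    return hits

# Constructed sample firewall log (hypothetical format and internal hosts).
SAMPLE_LOG = [
    "2013-05-04T09:12:01 ALLOW src=10.0.0.21 dst=93.184.216.34 dport=80",
    "2013-05-04T09:12:07 ALLOW src=10.0.0.21 dst=168.144.97.39 dport=80",
    "2013-05-04T09:13:40 ALLOW src=10.0.0.35 dst=168.144.97.3 dport=443",
    "2013-05-04T09:14:02 ALLOW src=10.0.0.35 dst=117.121.241.86 dport=443",
    "2013-05-04T09:15:19 ALLOW src=10.0.0.40 dst=1.117.121.241.86 dport=53",
]

if __name__ == "__main__":
    for number, address, line in find_c2_hits(SAMPLE_LOG):
        print(f"line {number}: contact with {address}: {line}")
```

Any internal host that appears in a hit should be treated as potentially compromised and investigated, since blocking the addresses only stops future traffic.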

For macro settings, refer to Macro Security Levels in Office 2003: Macro Security Level

Full details by F-Secure: F-Secure Analysis
