Microsoft zero-day was used in Citadel Trojan campaign, as well as targeted attacks

CitadelResearchers at FireEye say that they have uncovered evidence that the recently-announced Microsoft zero-day vulnerability is not just being used in targeted attacks, but also has been used in wider finanically-motivated malware campaigns.

Yesterday, Microsoft announced a critical security vulnerability that was being exploited in targeted attacks - mostly against "companies based in the Middle East and South Asia".

FireEye says that it has connected the attack with the "Operation Hangover" attacks against India, Pakistan and other countries uncovered earlier this year.

But what's perhaps most interesting to regular computer users is that the CVE-2013-3906 zero-day vulnerability that can exist in TIFF images was also being used in attacks that spread versions of the sophisticated Citadel banking Trojan horse.

FireEye links these, more widespread, attacks to the Arx hacking group who typically spammed out malware-laden messages posing as "SWIFT Payment" emails.

Malware campaign

Malware campaign. Image courtesy of FireEye

Opening the attached Word DOC files would cause your computer to install further malware, with the intention of spying upon your online banking and stealing your credentials.

Boobytrapped Word document

Boobytrapped Word document. Image courtesy of FireEye

This discovery underlines for all at-risk Microsoft users the importance of installing the temporary emergency fix-it tool. It's not just big corporations and nation states who could be in risk of having their computers compromised by this security flaw.

Read more on the FireEye blog.

Tags: , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , ,

No comments yet.

Leave a Reply