As we have mentioned before, we’ve seen a large number of files spammed out to various organisations, exploiting the CVE-2012-0158 vulnerability.
Victims have not been limited to defence companies, but have also included government departments, charities and recruitment agencies.
One of the latest attacks we have seen was sent to a defence contractor, using the subject line “if you want sex pictrue!”.
(I have cropped the screenshot above so the full image is not displayed after it became clear that the pictured nurse had not brought her entire uniform to work).
Attached to the email is a file called sexpicture.rar that contains a number of naked pictures of Japanese model Sakura Shiratori.
Harmless enough you might think. However, alongside the seedy snapshots are two files.
An apparent screensaver, short-SEXGPJ_1.SCR, is malicious – and detected by Sophos products as Mal/Behav-043.
Another file, short-SEX_ST_1.DOC, is detected by Sophos products as Troj/DocDrop-AF, and attempts to install further malicious code onto victims’ computers by exploiting the CVE-2012-0158 vulnerability.
Although the email appears to have come from the Taiwanese branch of Yahoo, the “from:” address has been forged by whoever sent out the attack. I’m also going to make the fairly safe assumption that Miss Shiratori is not aware of how her images are being abused.
Make sure that the staff at your firm are wary of opening unsolicited email attachments, and that computers are defended with up-to-date anti-virus software and the latest security patches.
Microsoft released its patch for the vulnerability back in April – if you haven’t already rolled it out across your Windows PCs, do so now.