Last week Adobe released a patch for Adobe Flash that fixed a zero day vulnerability, CVE-2013-0633. Now, hackers are using the exploits to target indivudals involved in the IEEE Aerospace. They’re using Microsoft Office files with embedded flash content delivered via email.
The vulnerability is not isolated, it is circulating the news of a new one coded CVE-2013-0634 being exploited trough web browsers such as Firefox and Safari on Mac OSX that has been identified by FireEye security firm.
Security researchers at Alien Vault unveiled that assailants delivered the malware via a directed spear phishing effort aimed at the US aerospace sector and industry.
Jaime Blasco, managing director at Alienvault laboratories discovered that one of the Office attachments utilized the Flash exploit was a 2013 Institute of Electrical and Electronics Engineers (IEEE) Aerospace Conference schedule.
The analysis proposed by FireEye revealed interesting particulars, despite Word files are in English the codepage of Word files are “Windows Simplified Chinese (PRC, Singapore)”.
“Two oddities of the malware were a coding reference to “Lady Boyle”, a character in the adventure game, “Dishonored”. The authors also failed to obfuscate the malicious Flash file, leaving it open to detection by generic antivirus signatures.”