Windows zero day vulnerability - Sandworm


viking60
Über-Berserk
Posts: 9280
Joined: 14 Mar 2010, 16:34

Windows zero day vulnerability - Sandworm

Postby viking60 » 15 Oct 2014, 11:43

All Windows versions - except XP - have a zero day vulnerability that enables the perpetrator to fish all vital information from your Windows computer. This includes credit card numbers, passwords and system information.

Once you click a link your system can be completely taken over (You have to click that link).

The group iSIGHT has identified the vulnerability they call Sandworm - this is their name for it. F-Secure discovered parts of it and called it Quedach.
F-Secure did not identify this as a Windows zero day exploit. The boring name for the vulnerability is CVE-2014-4114.

We know that these hackers use proxy servers to reroute internet traffic.
The emphasis is on who is using it to hack systems. So far we know this about the vulnerability:

    An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server

    Impacting all versions of the Windows operating system from Vista SP2 to Windows 8.1

    Impacting Windows Server versions 2008 and 2012

    When exploited, the vulnerability allows an attacker to remotely execute arbitrary code

    The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files. In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.
    This will cause the referenced files to be downloaded and, in the case of INF files, to be executed with specific commands

    An attacker can exploit this vulnerability to execute arbitrary code but will need a specifically crafted file and use social engineering methods (observed in this campaign) to convince a user to open it


iSIGHT points out the Russian government as the hacker and the targets are:

    NATO
    Ukrainian government organizations
    Western European government organizations
    Energy sector firms (specifically in Poland)
    European telecommunications firms
    United States academic organization

The vulnerability is called Sandworm due to the many references to the movie Dune, where sandworms play a vital role; it is not a classical worm in the computer sense.

If you want the detailed report you can request it here

Microsoft is working to patch this vulnerability and to offer workarounds. Until that has happened further details will not be given - in the name of security.

What you can do about it is not to open e-mail attachments from untrusted sources and to apply Microsoft patches.
Symantec (Norton AV) informs about this, and interestingly the well-renowned Russian Kaspersky Lab does not.

Where your AV provider comes from does matter. Symantec is a US company, Kaspersky is a Russian company - and both are banned in China.

Instructions - with gag orders - to not discover "patriotic" viruses - can simply not be ruled out. In the name of national security - anything goes.
Running both of them should be an option though, if one of the scans is run offline from a DVD (not tested). Both Symantec and Kaspersky require the other to be removed before install. Avira would be a good alternative, being German, or the Czech Avast.
Romanian Bitdefender seems to be winning all the tests these days.

Rumor has it that the Russians will not confirm their part in this cyber activity.... but someone claims to have heard Putin say:
Our intelligence agencies will continue to gather information about the intentions of governments -- as opposed to ordinary citizens -- around the world, in the same way that the intelligence services of every other nation does. We will not apologize simply because our services may be more effective


More here
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
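The description above says the observed documents work by having a PowerPoint OLE Package object point at an external file rather than an embedded one. That pattern is visible in the file itself: a PPTX is a zip of XML parts, and every object attached to a slide is listed in a `.rels` part with a `Target` and an optional `TargetMode="External"`. The script below is an added example written for this thread (it is not from the post, iSIGHT or Microsoft) showing how a defender can scan a document for OLE/Package relationships that reach outside the file, especially to a UNC share or an `.inf`/executable target. The sample documents it builds are constructed in memory for the demonstration; the share name `files.invalid` is a placeholder, not a real indicator.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OPC relationship namespace used by every *.rels part inside an Office file.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

# Relationship types under which an OLE or Package object is attached to a slide.
OLE_REL_TYPES = {
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject",
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/package",
}

# Extensions that should never be the target of a document relationship.
RISKY_EXT = re.compile(r"\.(inf|exe|scr|bat|cmd|js|vbs|hta)$", re.IGNORECASE)


def _is_remote_path(target: str) -> bool:
    """True for UNC paths and file:/smb: URLs, i.e. targets fetched from a share."""
    return target.startswith("\\\\") or target.lower().startswith(("file:", "smb:"))


def scan_ooxml_bytes(data: bytes) -> list:
    """Return one finding per suspicious relationship found in an OOXML (pptx/docx/xlsx) blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                findings.append({"part": name, "id": None, "target": None,
                                 "reasons": ["unparseable .rels part"]})
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                rtype = rel.get("Type", "")
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "Internal") == "External"
                reasons = []
                if external and rtype in OLE_REL_TYPES:
                    reasons.append("OLE/Package object loaded from an external target")
                if external and _is_remote_path(target):
                    reasons.append("external target is a UNC/file share path")
                if RISKY_EXT.search(target):
                    reasons.append("target has an INF/executable extension")
                if reasons:
                    findings.append({"part": name, "id": rel.get("Id"),
                                     "target": target, "reasons": reasons})
    return findings


def scan_file(path: str) -> list:
    """Convenience wrapper for scanning a document on disk."""
    with open(path, "rb") as fh:
        return scan_ooxml_bytes(fh.read())


# --- constructed sample data (not real documents) ---------------------------

# A normal slide: layout reference plus an OLE object embedded inside the package.
BENIGN_RELS = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="../embeddings/oleObject1.bin"/>
</Relationships>"""

# The pattern described in the post: the OLE object is not embedded but points
# at an INF file on an external share (placeholder host, constructed for the demo).
SUSPICIOUS_RELS = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="\\\\files.invalid\\share\\slide1.inf" TargetMode="External"/>
</Relationships>"""


def build_sample_pptx(slide_rels_xml: str) -> bytes:
    """Build a minimal zip with the parts the scanner looks at (constructed test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        zf.writestr("_rels/.rels",
                    "<Relationships xmlns='http://schemas.openxmlformats.org/package/2006/relationships'>"
                    "<Relationship Id='rId1' Type='http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument' Target='ppt/presentation.xml'/>"
                    "</Relationships>")
        zf.writestr("ppt/slides/slide1.xml",
                    "<p:sld xmlns:p='http://schemas.openxmlformats.org/presentationml/2006/main'/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", slide_rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("suspicious", SUSPICIOUS_RELS)):
        print(label, scan_ooxml_bytes(build_sample_pptx(rels)))
```

Point `scan_file()` at a real `.pptx` (or `.docx`/`.xlsx`, which share the same relationship format) to triage mail attachments; an embedded object should resolve to a part inside the zip, so any `oleObject`/`package` relationship in External mode, and any target on a share or ending in `.inf`, is worth quarantining for a closer look. This only catches the external-reference layout the post describes, not every way an OLE object can misbehave, so it complements rather than replaces the Microsoft patch.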

R_Head
Berserk
Posts: 2566
Joined: 17 Mar 2010, 15:40

Re: Windows zero day vulnerability - Sandworm

Postby R_Head » 16 Oct 2014, 14:20

Oh no !!! Computer Ebola !!!!

dedanna1029
Sound-Berserk
Posts: 8483
Joined: 14 Mar 2010, 20:29

Re: Windows zero day vulnerability - Sandworm

Postby dedanna1029 » 06 Dec 2014, 00:48

You're also a spamming idiot.
I'd rather be a free person who fears terrorists, than be a "safe" person who fears the government.
No gods, no masters.
"A druid is by nature anarchistic, that is, submits to no one."
http://uk.druidcollege.org/faqs.html

viking60
Über-Berserk
Posts: 9280
Joined: 14 Mar 2010, 16:34

Re: Windows zero day vulnerability - Sandworm

Postby viking60 » 07 Dec 2014, 15:06

There was a spammer post here
http://www.stopforumspam.com/ipcheck/112.210.127.211

But as Jkerr pointed out, they may magically disappear and then the responses look rather odd - so it is better not to answer spammer posts.

dedanna1029
Sound-Berserk
Posts: 8483
Joined: 14 Mar 2010, 20:29

Re: Windows zero day vulnerability - Sandworm

Postby dedanna1029 » 07 Dec 2014, 23:42

True. Sorry!