Vietnamese Users Targeted with Credential-Stealing Malware

An old vulnerability in Microsoft Word has triggered a series of infections with password-stealing malware in Vietnam, according to researchers at Metasploit-maker Rapid7.

The attack starts with specially crafted Microsoft Word documents that trigger CVE-2012-0158 and CVE-2012-1856, two vulnerabilities mitigated by the vendor last year. So far, the two known attacks use a Vietnamese document about “reviewing and discussing best practices for teaching and researching scientific topics,” and an English one detailing the coverage of GSM networks.

When the document is opened, the exploit code triggers a vulnerability in the word processor, which results in the stealthy installation of a piece of malware that steals credentials from the local storage of Internet Explorer and Mozilla Firefox. To steal data from Google Chrome, the malware also deploys a keylogger.

“Recently the growth of amount and scale of targeted attacks has come to the point w[h]ere they are starting to look more like opportunistic carpet bombings rather than ninja strikes,” wrote security researcher Claudio Guarnieri on the blog. “It’s common to observe attacks pulled off successfully without any particular sophistication in place, including the incidents described in this post.”

Today’s incident is yet another reminder of the necessity of deploying security hotfixes as soon as they are made available by the vendor, especially when the flaw is a commonly known bug that was mitigated one year ago.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.