Tens of zero day vulnerabilities, millions of users exposed

Pierluigi Paganini October 17, 2012

Every day we read about cyber threats, zero-day vulnerabilities and new patches to apply, so I decided to discuss a couple of vulnerabilities that I believe are potentially dangerous for internet users. There is no peace for browsers: this category of application is considered a privileged target for hackers because of its wide diffusion. Once again a zero-day vulnerability has been exploited that makes it possible to load malicious code onto victim machines. The vulnerability affects the latest editions of the IE 7 and IE 8 browsers together with Adobe’s Flash software running on a fully patched Windows XP SP3, and the audience impacted all over the world is clearly wide. According to many security experts, those responsible for the exploit are Chinese hackers who unleashed other zero-day attacks in recent months. The security specialist Eric Romang, while analyzing the compromised servers used to conduct the recent attacks against vulnerable Java installations, found a new zero-day exploit for Microsoft’s Internet Explorer web browser; the discovery confirms the presence of an organized group of hackers with deep knowledge of commonly used applications. Romang declared:

“I can confirm, the zero-day season is really not over yet.”

Principal security analysts believe that the group of hackers is still active and is rearranging its offensive; AlienVault Labs researcher Jaime Blasco declared:

“the gang behind the Java attacks in August and September may be moving on: with domains used in that attack located at new IP addresses and serving up the new and more potent attacks.”

How does the exploit work? The AlienVault Labs website provided an interesting description of the infection process:

“the file exploit.html creates the initial vector to exploit the vulnerability and loads the flash file Moh2010.swf, which is a flash file encrypted using DoSWF. The Flash file is in charge of doing the heap spray. Then it loads Protect.html.”
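The three-stage chain quoted above is easy to spot in web-proxy logs once you know the file names. The following is an added example (not code from the article or from AlienVault) that groups requests per client and reports only clients that fetched all three stages in order within a short window; the log format and the sample lines are constructed for the example.

```python
"""Detect the three-stage drive-by chain described above (exploit.html ->
Moh2010.swf -> Protect.html) in web-proxy logs, grouped per client.
Added example with constructed log lines, not code from the article."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy lines: "<iso-timestamp> <client-ip> <method> <url>" (assumed format)
SAMPLE_LOG = """\
2012-09-17T10:00:01 10.0.0.5 GET http://bad.example/public/exploit.html
2012-09-17T10:00:02 10.0.0.5 GET http://bad.example/public/Moh2010.swf
2012-09-17T10:00:03 10.0.0.5 GET http://bad.example/public/Protect.html
2012-09-17T10:00:04 10.0.0.9 GET http://bad.example/public/exploit.html
2012-09-17T10:03:00 10.0.0.9 GET http://bad.example/public/Protect.html
2012-09-17T10:05:00 10.0.0.7 GET http://cdn.example/player/Moh2010.swf?v=1
"""

STAGES = ["exploit.html", "moh2010.swf", "protect.html"]  # names from the AlienVault description, lowercased
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Return (timestamp, client, url) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)

def stage_of(url):
    # Map a URL to a stage by its file name, ignoring case and query string
    name = url.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return name if name in STAGES else None

def find_chains(log_text, window=timedelta(seconds=60)):
    """Return {client: first-stage time} for clients that fetched all three stages in order within window."""
    seen = defaultdict(dict)  # client -> {stage: first time it was requested}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, url = parsed
        stage = stage_of(url)
        if stage:
            seen[client].setdefault(stage, ts)
    hits = {}
    for client, stages in seen.items():
        if all(s in stages for s in STAGES):
            times = [stages[s] for s in STAGES]
            if times == sorted(times) and times[-1] - times[0] <= window:
                hits[client] = times[0].isoformat()
    return hits
```

Clients that fetched only some stages (10.0.0.9 and 10.0.0.7 in the sample) are not reported, which keeps the alert specific; a lower-severity alert on any single stage name is a reasonable complement.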

The mechanism is simple: the victim can be compromised by visiting a malicious website, the same mechanism used to spread the famous Poison Ivy Trojan as part of the Nitro campaign. Once discovered, this kind of vulnerability is simple to exploit; the Metasploit testing framework, for example, has been equipped with a specific module that an attacker can use to exploit the vulnerability on Internet Explorer versions 7, 8 and 9 on Windows XP, Vista and 7. According to Rapid7 researchers, in the time between the discovery of the vulnerability and the release of the patch about 41% of Internet users in North America and 32% worldwide were at risk; these figures give us a sense of the efficiency of this type of offensive. Attacks against browsers are just one of the infinite opportunities available to attackers; I always highlight that it is easier to attack than to defend against a multitude of hackers whose primary intent is to exploit commonly used applications and platforms. Recently researchers from ReVuln, Donato Ferrante and Luigi Auriemma, reported a vulnerability in the Steam Browser Protocol.

“Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation. It is used to distribute games and related media online, from small independent developers to larger software houses”

As of August 2012 the platform had 54 million active user accounts and provided over 1500 games through the Steam protocol, which allows users to run, install and uninstall games, back up files, connect to servers and reach various sections dedicated to customers. The flaw allows the attacker to “write arbitrary text to file and direct victims to external payloads and even the computer can take over”. The vulnerability impacted browsers based on the Mozilla engine such as Firefox, but also Safari. The experts demonstrated that browsers, and also software clients such as RealPlayer, would execute the external URL handler without informing the user, silently making Steam browser protocol calls and exposing customers to the risk of attack. An attacker could write malicious code to a file and execute commands when the user starts up Steam, or execute remote code using the Unreal engine.

“In one proof of concept involving the Steam browser, attackers used malicious YouTube links within Steam user profiles to bait users. Users who viewed the videos and wished to leave comments would be phished with malicious steam:// URLs that pointed to external sites.” explained Darren Pauli.
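Because browsers hand steam:// URLs to the external handler without asking, a site that hosts user-generated content (such as the profile pages in the proof of concept above) should not let such links through unchecked. The following added example (not code from the article, ReVuln or Valve) scans a fragment of submitted HTML and flags every link whose scheme is not plain http(s), including entity-encoded or whitespace-padded variants; the sample profile fragment is constructed.

```python
"""Flag links in user-submitted content (e.g. a profile page) whose scheme
is a custom URL handler such as steam:// rather than plain http(s).
Added example, not code from the article, ReVuln or Valve; sample is constructed."""
import re
from html import unescape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']*)["']""", re.IGNORECASE)

# Constructed profile fragment mixing a normal link with obfuscated steam:// ones
SAMPLE_PROFILE = (
    '<a href="https://www.youtube.com/watch?v=constructed">video</a> '
    '<a href="  STEAM://open/console">leave a comment</a> '
    '<a href="&#115;team://run/440">play</a> '
    '<a href="/profiles/me">my profile</a>'
)

def normalize(url):
    """Decode HTML entities and drop whitespace/control characters, which
    browsers ignore before the scheme (assumption: mirrors browser leniency)."""
    return "".join(ch for ch in unescape(url) if ord(ch) > 0x20)

def suspicious_links(fragment):
    """Return (scheme, original href) for every link not using http/https.
    Relative links have no scheme and are accepted."""
    bad = []
    for raw in HREF_RE.findall(fragment):
        scheme = urlsplit(normalize(raw)).scheme.lower()
        if scheme and scheme not in ALLOWED_SCHEMES:
            bad.append((scheme, raw))
    return bad
```

Flagged links can be dropped or rewritten to plain text before the page is served; the same check catches other handler schemes (javascript:, file:) that the allow-list does not cover.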

The cases presented raise different questions, first of all the strategic importance of vulnerability discovery: a new market has been born, and governments, cyber criminals and private businesses are demonstrating great interest in flaws such as the ones presented.

We have discussed on many occasions the development of cyber weapons in the cyber warfare context; it is clear that the efficacy of a malicious exploit depends on the unknown flaw it exploits. State-sponsored attacks are the first to benefit from this knowledge, and malicious agents that remain undetected for years, such as Flame, are the demonstration.

Zero-day vulnerabilities assume great relevance when they affect commonly used applications, due to their impact on millions of users; everything that surrounds us has an intelligent component inside, from medical devices to appliances, that could be exploited …

so let’s think like a hacker to prevent serious attacks!

Pierluigi Paganini

(Security Affairs – Cyber security)
