Windows zero-day vulnerability targeted embassies, used email referencing Syrian civil war

Back in November, it was reported that a zero-day security vulnerability was present in Microsoft Windows XP and Server 2003 systems that could allow an attacker to install programs, modify or delete data, and create accounts with full administrative rights, all without authorization. Microsoft released a statement addressing the issue, saying that it would "take appropriate action to help protect customers." However, recent information has revealed that the vulnerability was used in a targeted attack on the server systems of 28 embassies in a Middle Eastern capital city.

The vulnerability, which according to Microsoft only affects Windows XP and Server 2003 systems, was exploited as part of a targeted attack on embassies in the Middle East. The payload was distributed by means of an email with a blank body, whose subject line and attachment name referenced the ongoing Syrian conflict so as to encourage recipients to open the attachment. No details have emerged as to whether the exploit seriously affected any systems, but according to Japanese security software company Trend Micro, the attack is suggestive of "a level of organization and available resources beyond ordinary cybercriminals." The company also mentioned that the exploit was designed specifically to avoid detection, saying: "Apart from the targeting and the anti-analysis techniques, there does not appear to be other particularly unusual or unique behaviors in this attack. The anti-analysis techniques in the backdoor (detected as BKDR_TAVDIG.GUD) were designed to hide from or freeze debuggers, making analysis and attribution more difficult."

Microsoft has been contacted for comment.

Source: Trend Micro


42 Comments


Wow!

Haven't people grown up enough yet to get past that Mac vs. Linux vs. Windows vulnerability thing?

Not even going to get into a comparison myself, as it's a moot point!

Vulnerability:
I could steal credit card information, and save it to someone's server, even though I was never given access to said server.

Virus:
Replicates and spreads using some sort of protocol, most commonly as an attachment in an email, or specifically targeted to exploit a vulnerability, like the one I just stated. Is that about correct?

MrHumpty said,
Isn't it past your bedtime?

Nothing wrong with the past.
The successful Android can be traced to the past called Linux,
and Linux can be traced to the past called Unix.

And Unix itself is even more ancient than MS-DOS!!
See what an improved 'past' can achieve?

Torolol said,

Nothing wrong with the past.
The successful Android can be traced to the past called Linux,
and Linux can be traced to the past called Unix.

And Unix itself is even more ancient than MS-DOS!!
See what an improved 'past' can achieve?

It's great that you considered that both witty and a good argument to support your position.

Just to point out.. every operating system has had critical vulnerabilities in it, you can easily look them up. Each and every one. OSX and Linux included.

Max Norris said,
Just to point out.. every operating system has had critical vulnerabilities in it, you can easily look them up. Each and every one. OSX and Linux included.

I know that, but the risk with Mac and Linux is much less than with Windows.

Even with a vulnerability on Mac, a situation like this is very rare. It's like 1 in a million compared to Windows.

fredrichman said,
Even with a vulnerability on Mac, a situation like this is very rare. It's like 1 in a million compared to Windows.

Don't confuse malware (which targets the users, hence Windows) with vulnerabilities in an OS or application; they are not the same thing. Historically, based on how many reported exploits were found, OSX didn't fare well at all over the years. Not the worst by any stretch (oddly enough it's not Windows either..) but most definitely far from spotless.

fredrichman said,

I know that, but the risk with Mac and Linux is much less than with Windows.

Even with a vulnerability on Mac, a situation like this is very rare. It's like 1 in a million compared to Windows.

Stats to prove that 1 in a million figure?

The problem is that people like you will throw out these claims, that Mac never gets viruses/Trojans, that they never have problems and they just work. Then when a Mac has a virus/Trojan, has a problem, or Apple just ships crap hardware/software, then people like you start yelling that nobody ever claimed that Apple is virus/Trojan free (even though their web site stated that very thing), that nobody ever said they are perfect, or if you think their software/hardware is crap then you made it up like antenna gate so it is your fault and you need to go away because you are a hater.

Just like the guy in the forums who is saying that everything Microsoft does crashes while his Mac is perfect. But when confronted with the fact it is simply not true, then you run and hide.

Max Norris said,

Don't confuse malware (which targets the users, hence Windows) with vulnerabilities in an OS or application; they are not the same thing. Historically, based on how many reported exploits were found, OSX didn't fare well at all over the years. Not the worst by any stretch (oddly enough it's not Windows either..) but most definitely far from spotless.

It's not the same, but they have a direct relation. This article wouldn't be news if the vulnerability was not used to deliver a virus payload. A vulnerability is the first step to getting infected, but with Mac that conversion rate is almost zero. The conversion rate of vulnerability to virus is high on Windows, while it's hard to even find a virus on Mac. I am not saying it's not there, but it's much safer. I am still glad I use Mac; at least I don't have to worry about millions of viruses.

fredrichman said,
It's not the same, but they have a direct relation. This article wouldn't be news if the vulnerability was not used to deliver a virus payload. A vulnerability is the first step to getting infected, but with Mac that conversion rate is almost zero. The conversion rate of vulnerability to virus is high on Windows, while it's hard to even find a virus on Mac. I am not saying it's not there, but it's much safer. I am still glad I use Mac; at least I don't have to worry about millions of viruses.

I really wish people would stop focusing on viruses specifically when they're actually a very small percentage of the malware world. It's trite and inaccurate when you're going to gloss over the majority of the problems, which no OS is immune to, even Macs.

Vulnerabilities do not mean a direct relation to malware. At all. Could be used for such? Sure. Guarantee of a virus? Absolutely not. Vulnerabilities can be used to gain access to a system. Steal data. Trash things. Denial of service. Just cause general grief. Most certainly not limited to operating systems either. Again, easy to find this information.. servers, applications, browsers, you name it. Case in point, random example, the predictable Debian SSL key vulnerability that was around for a couple of years. Using that, a server could be compromised or wrecked in a gazillion ways, none of which have anything to do with malware. It's just a bug/oversight in code that can be taken advantage of, nothing more.

fredrichman said,

I know that, but the risk with Mac and Linux is much less than with Windows.

Even with a vulnerability on Mac, a situation like this is very rare. It's like 1 in a million compared to Windows.

That's because so few people use Macs it's not worth the trouble. Linux is a kernel and not an OS so isn't applicable. There's tons of Unix server targeted exploits.

Edited by Screw this Nazi Site, Jan 8 2014, 1:36am

Max Norris said,

I really wish people would stop focusing on viruses specifically when they're actually a very small percentage of the malware world. It's trite and inaccurate when you're going to gloss over the majority of the problems, which no OS is immune to, even Macs.

Vulnerabilities do not mean a direct relation to malware. At all. Could be used for such? Sure. Guarantee of a virus? Absolutely not. Vulnerabilities can be used to gain access to a system. Steal data. Trash things. Denial of service. Just cause general grief. Most certainly not limited to operating systems either. Again, easy to find this information.. servers, applications, browsers, you name it. Case in point, random example, the predictable Debian SSL key vulnerability that was around for a couple of years. Using that, a server could be compromised or wrecked in a gazillion ways, none of which have anything to do with malware. It's just a bug/oversight in code that can be taken advantage of, nothing more.

This article is not about a vulnerability, but a vulnerability which was reported long ago made into a VIRUS. That's why I said I am glad I am using Mac, where viruses are still rare. Even if Mac and Windows have equal vulnerabilities, the conversion rate to viruses is higher on Windows. You took my initial comment in a different direction.

fredrichman said,
This article is not about a vulnerability, but a vulnerability which was reported long ago made into a VIRUS...

First, it's not a virus.

Second, it would be no different than random bad guy exploiting a vulnerability in OSX and having it do naughty things either. Which has already happened.

Max Norris said,

First, it's not a virus.

Then what is that?? Give me a name for it. "information has revealed that the vulnerability was used in a targeted attack on the server systems of 28 embassies in a Middle Eastern capital city" "The anti-analysis techniques in the backdoor (detected as BKDR_TAVDIG.GUD)" The article doesn't say virus, but it is a trojan horse or a virus.

fredrichman said,
I know what a virus is, but what is this (what the article is mentioning) called??? I don't think you have an answer to that, or maybe you are in denial.

Well, apparently you don't if you keep calling a backdoor a virus. The article even calls it as such. It even gives you the name so you can, you know, look it up.

Max Norris said,

Well, apparently you don't if you keep calling a backdoor a virus. The article even calls it as such. It even gives you the name so you can, you know, look it up.

OK, so you are saying it's a backdoor (my bad, I called it a virus). Then let me go back to my actual comment. I am glad I am using Mac. I don't have to deal with thousands of backdoors which are exploited.

WhatTheSchmidt said,

Stats to prove that 1 in a million figure?

There are no stats to back up the claim because, you know, it's a figure of speech.


The problem is that people like you will throw out these claims, that Mac never gets viruses/Trojans, that they never have problems and they just work.

Reread fred's initial post and every one after. The claim that Macs never get viruses/Trojans was never made. He claimed that it was rare. So his position is that viruses and such are less prevalent on Mac and Linux compared to Windows, and not that they don't get them period, and that Macs just work.

https://yourlogicalfallacyis.com/strawman


Then when a Mac has a virus/Trojan, has a problem, or Apple just ships crap hardware/software, then people like you start yelling that nobody ever claimed that Apple is virus/Trojan free (even though their web site stated that very thing), that nobody ever said they are perfect, or if you think their software/hardware is crap then you made it up like antenna gate so it is your fault and you need to go away because you are a hater.

Apple never claimed that OSX was virus free. All official documentation and advertisements from Apple state that OSX did not get Windows viruses, i.e. viruses written to exploit vulnerabilities in the Windows operating system.

The only ones claiming that OSX is virus free are people who are ignorant, parroting what they heard, or claiming people are saying that so that they have something to attack in an argument because, again, https://yourlogicalfallacyis.com/strawman

Mr. Hand said,

That's because so few people use Macs it's not worth the trouble. Linux is a kernel and not an OS so isn't applicable. There's tons of Unix server targeted exploits.

Love the reference to Linux as a kernel and not an OS. Noting it as a kernel, vs simplifying it to a general OS category, really is not that much of a stretch. Should the person have started listing distros based on Linux? Much like Windows generalized down to being the same in every version (even the really old pre-NT kernel based Wins).

Will just say, distributions based on Linux can be vulnerable too. Otherwise it is like saying here is a house. No windows, doors, etc. Live in it.. oh wait, you want to get into it to live and use it. Add some doors, then complain when a family member forgets to lock the door. Same for Windows, add enough junk on top of Linux kernel and it could get ugly.

Make any OS/kernel (if you want to say the Linux kernel is a kernel and not an OS, I will say any "distribution") big enough to become an attractive target, and people will start paying attention to it more. Bug conversations like this are good to inform the users of OSes who may have given up on Windows because they may have run into some malware (not even a virus, most likely) due to their own behavior on or usage of the OS. This reminds me of working with a proud Mac OS and Linux user who wanted to always run with an admin account without UAC on Windows but was content dealing with the permission prompts in Mac OS and running without root on Linux. Choosing to use apps that were poorly designed garbage that could not even run correctly with UAC. The Windows world is full of apps.. lots of them. Lots of junk, and more than enough programs that work well because they are made well.

benthebear said,

... usual stalker stuff

http://www.crn.com/news/securi...mparisons-from-web-site.htm

From the article:

Here is how Apple used to phrase this: "A Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers. That's thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."

See, this is the very definition of a straw man, claim that your computer cannot get infected, and when people repeat that, then change the meaning of what they said, just as you have done.

Edit: BTW, don't you usually start yelling about changing the subject by now? Or is it OK because another dime a dozen Apple fanboy changed the subject to talk about how good Apple is, so you allow that?

fredrichman said,

OK, so you are saying it's a backdoor (my bad, I called it a virus). Then let me go back to my actual comment. I am glad I am using Mac. I don't have to deal with thousands of backdoors which are exploited.

Your Mac won't get PC viruses. That's a given. Macs, however, are still vulnerable if not fully up to date and the user believes their Mac cannot get infected. This is a growing threat, such that Apple included "File Quarantine" in OS X. This is in fact an anti-malware program that monitors files. Use of the word "virus" is not accurate in today's computer world. "Malware" is more correct. Mac users can and do inadvertently install malware. Security through obscurity is what exists. Macs have less than a 7% market share. Windows RT, with less than 0.1%, is likely the most virus-resistant consumer OS today.

bilemke said,
This reminds me of working with a proud Mac OS and Linux user who wanted to always run with an admin account without UAC on Windows but was content dealing with the permission prompts in Mac OS and running without root on Linux. Choosing to use apps that were poorly designed garbage that could not even run correctly with UAC. The Windows world is full of apps.. lots of them. Lots of junk, and more than enough programs that work well because they are made well.

I agree 100% about crap apps that don't need admin access but refuse to work properly with restricted accounts. However I also place a lot of the blame on MS itself. They should have started making non-admin accounts the default years ago and forced crap app creators to either fall in line or risk being killed off. Their antipathy to breaking apps, even bad ones (they even go so far as to fix broken apps themselves!) often turns out to be an albatross around their neck.

Romero said,
However I also place a lot of the blame on MS itself. They should have started making non-admin accounts the default years ago

That I can get behind.. long overdue. First account is an admin account, everything else is a regular user; it's the first thing I set up on a new install. Yea, credentials are a hassle, but meh, the time it takes to runas/sudo/su/whatever is a lot shorter than the hassle of cleaning up a mistake. The "average person" isn't going to be aware of that and will rely on the UAC prompts to shield them... can still trash your user account but won't hurt the system itself.

There will probably be third party patches, it's been done before, but how can you trust them to work? Also since the code can't be audited, you will most likely have to wait for an actual exploit or for MS to patch their other OSes to know what holes you need to plug, and at that point you are constantly playing catch up while remaining vulnerable in the meantime. It's not very sensible to stick with XP.

Geezy said,
There will probably be third party patches, it's been done before, but how can you trust them to work?

I'm expecting 3rd party 'patches' to show up. And I'm expecting those 3rd party patches to be a plague of trojans. It's going to be a bloodbath for those who don't upgrade.