EXPIRO File Contaminators come up in Fresh Versions; Trend Micro

Trend Micro the security company said that its researchers detected fresh samples of PE_EXPIRO a well-known family of file contaminators, recently.

The company explained that assaults involving the EXPIRO malicious program began with enticing potential victims onto a malevolent website that hosted an attack toolkit. A number of exploits were getting utilized such as one Java exploit identified to be JAVA_EXPLOIT.ZC that abused the CVE-2012-1723 vulnerability. One more Java flaw namely CVE-2013-1493 too was getting abused. Alongside, there was one PDF exploit utilized during the assaults, the file identified to be TROJ_PIDIEF.JXM.

Whichever attack code gets utilized, it's the same end-result, says Trend Micro. The main malware, whether 'PE64-EXPIRO-O,' 'PE_EXPIRO.QW-O' or 'PE_EXPIRO.JX-O,' targeting 64-bit computers, dangerously infects the target machines.

And when on any impacted computer, the file infector hunts executable files within it for contaminating them. The search pans across each-and-every folder within drives, including networked, shared and removable. The contaminated documents get identified as PE_EXPIRO.JX.

The EXPIRO malware filches user and system details, particularly Windows operating system's product ID, Windows OS version, serial number of drive volume as well as user login details. It further filches File Transfer Protocol (FTP) IDs stored and available from FTP's Filezilla client.

Once filched the data gets uploaded onto C&C servers.

Researchers at Trend Micro stated that when different threats were combined, an extremely unusual situation occurred that indicated that the assaults weren't off-the-shelf kind which employed easily-obtainable cyber-crime tools. Computerworld.com published this dated July 15, 2013.

Looking at the way FTP credentials get filched shows that the cyber-criminals attempt at compromising websites alternatively attempt at filching data from organizations which's stacked on FTP online systems. Nevertheless, this threat does not seem as attacking any specific industry, state Trend's researchers.

Incidentally, an increase in contaminations due to the fresh EXPIRO samples came in notice on 11th July 2013. Additionally, according to the researchers, approximately 70% of the entire contaminations were in USA.

Notably, the EXPIRO assaults involve abuse of vulnerabilities through exploits; therefore Trend Micro recommends that end-users immediately, make their computers up-to-date by installing most recent security patches, reported infosecurity-magazine.com dated July 15, 2013.

» SPAMfighter News - 7/25/2013