Another fine example of why applications should always be kept up to date

Nov 24, 2011 10:53 GMT  ·  By
Hackers rely on Hancom Office documents, maliciously crafted to spread viruses

Regional software leaves systems just as vulnerable as international brands do, as shown by the latest cybercriminal operations, which relied on a weakness in Hancom Office, word processing software mainly used in Korea.

Symantec researchers came across a piece of malware that begins its infection spree by posing as a document file that relies on vulnerabilities found in Hancom to drop malicious elements and open backdoors.

This particular sample was detected as carrying Bloodhound.Olexe and the dropped files contained Backdoor.Trojan.

Fortunately, in this case, the vulnerability that allowed the infection to spread was patched by Hancom about a month ago, but this doesn't mean that cyber masterminds will not find new ways to take advantage of security holes.

This also reinforces the fact that a product should be updated as soon as its vendor releases a patch, since these fixes resolve not only functionality bugs, but also ones that could leave a device vulnerable.

A similar incident occurred with a product predominantly used by government organizations in Japan. In that situation, malicious software exploited a flaw in Ichitaro, also a word processing application.

Recently we've seen many pieces of malware released into the wild bearing the form of innocent-looking documents. Even the now infamous Duqu was discovered as being unleashed in the form of a Microsoft Word document.

This means that internet users should be more aware that even simple documents arriving via email, not only zip and executable files, can hide a malevolent plot.

Since in many cases the viruses that attack systems are identified and neutralized by security solutions, it's always recommended to make sure your antivirus's virus definition database is up to date.