{"id":82990,"date":"2016-06-03T14:12:18","date_gmt":"2016-06-03T08:42:18","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=82990"},"modified":"2016-06-06T14:55:26","modified_gmt":"2016-06-06T09:25:26","slug":"new-cve-in-spammers-toolkit","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/new-cve-in-spammers-toolkit\/","title":{"rendered":"New Common Vulnerabilities and Exposure (CVE) in Spammer\u2019s toolkit"},"content":{"rendered":"<p>The Quick Heal Malware Intelligence Reporting System has made a recent observation about a CVE (Common Vulnerabilities and Exposures) known as <a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2015-2545\">CVE-2015-2545<\/a> being actively used in an online spam campaign.<\/p>\n<p>The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment names used in this spam campaign:<\/p>\n<ul>\n<li>Proforma Order.doc<\/li>\n<li>Confirmed_orders.doc<\/li>\n<li>Covering letter.doc<\/li>\n<li>Payment_Advise.doc<\/li>\n<li>Purchase Order.doc<\/li>\n<li>TIANJIN_LIGHT_IMPORT_EXPORT.doc<\/li>\n<li>Outstanding_Acc-40493.doc<\/li>\n<\/ul>\n<p>Spammers trick users into opening the attached document which contains the exploit code for <a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2015-2545\">CVE-2015-2545<\/a>. Once the document is opened, it exploits the vulnerability present in unpatched versions of Microsoft Office.<\/p>\n<p>This vulnerability was patched by Microsoft in September 2015. 
Users who haven\u2019t applied Microsoft security updates for this vulnerability are at risk from this exploit.<\/p>\n<p>By exploiting Microsoft Office software, spammers execute malicious code on the victim\u2019s machine and can download and execute a malware payload.<\/p>\n<p>Some URLs found for payload download in this campaign include:<\/p>\n<ul>\n<li>hxxp:\/\/cozeh.com\/.css\/mun.exe<\/li>\n<li>hxxp:\/\/hmarques.lusitanium.com\/Image\/PonyOrder_1C0.exe<\/li>\n<li>hxxp:\/\/bunandbar.com\/.css\/maha.exe<\/li>\n<li>hxxp:\/\/bunandbar.com\/.css\/joe.exe<\/li>\n<li>hxxp:\/\/bunandbar.com\/.css\/cyprus.exe<\/li>\n<\/ul>\n<p><strong>Download this PDF to read the complete report:<\/strong><\/p>\n<p><a href=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2016\/06\/CVE-Report.pdf\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-82869 alignleft\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2016\/05\/PDF-icon.png\" alt=\"PDF icon\" width=\"80\" height=\"81\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon.png 256w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-150x150.png 150w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-70x70.png 70w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-80x81.png 80w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-45x45.png 45w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #666666;\">ACKNOWLEDGEMENT<\/span><\/p>\n<ul>\n<li>Manish Sardiwal<\/li>\n<li>Pavankumar Chaudhari<\/li>\n<\/ul>\n<p>&#8211; Vulnerability Analysis &amp; Research Team<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Quick Heal Malware Intelligence Reporting System has made a recent observation about a CVE (Common 
Vulnerabilities and Exposures) known as CVE-2015-2545 being actively used in an online spam campaign. The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment names used in this spam [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":83003,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[133,24,75],"tags":[1329,1327,1328,38],"class_list":["post-82990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacker","category-malware","category-microsoft-windows","tag-common-vulnerabilities-and-exposures","tag-cve","tag-spam-campaign","tag-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/82990"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=82990"}],"version-history":[{"count":10,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/82990\/revisions"}],"predecessor-version":[{"id":83022,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/82990\/revisions\/83022"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/83003"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=82990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=82990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=82990"}],"
curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}