Experts Identify IE Exploit on Indian Defense Site, Find Link to PlugX RAT
Most security firms are currently busy analyzing the latest Internet Explorer (IE) zero-day exploit. One of these companies is AlienVault, which has not only found websites that host the malicious code but has also uncovered a connection to the PlugX RAT.

Experts have identified a new version of the moh2010.swf Flash file used in the attacks that leverage the IE exploit. Their analysis led them to a file called Nv.exe, which is used by Nvidia for several of its applications. As it turns out, the cybercriminals are relying on Nv.exe to load a DLL file, which in turn executes the binary content of another component named Nv.mp3. The malicious payload in this Nv.mp3 file is actually a version of the PlugX Remote Administration Trojan (RAT).

“We know that the group actively using the PlugX malware also called Flowershow had access to the Internet Explorer ZeroDay days before it was uncovered. Due to the similarities of the new discovered exploit code a