Targeted attack against Tibetan activists abuses Nvidia file to load malware

The attack uses an Nvidia tool vulnerable to DLL preloading, Sophos researchers say

By Lucian Constantin, IDG News Service | Security

"In this attack, Nvidia's software was abused but it could just as easily have been any of a thousand other developers," he said, pointing out that Microsoft has published advice on how to avoid DLL search path issues that could lead to DLL preloading.

This is not the first time that DLL preloading issues have been exploited by malware. The Stuxnet cybersabotage malware was programmed to drop a copy of itself as a specifically named DLL file in directories containing industrial engineering projects created with the Siemens Step 7 software.

Older versions of the Step 7 software automatically loaded this DLL when opening the infected projects, which allowed the malware to spread to other machines due to project sharing.

On Tuesday, security researchers from Symantec reported a malware attack that targeted users in Japan and exploited a DLL preloading vulnerability in Ichitaro, the second most popular word processing software in Japan after Microsoft Word.
