Exploit.SWF.CVE-2013-0634.a Description
Type: Possibly Unwanted Program

Exploit.SWF.CVE-2013-0634.a is a malware infection that forms one component of an attack linked to caregivers of orphaned Tibetan refugee children. It spreads through a hacked caregiver website, that of the NGO 'Tibetan Homes Foundation', which offers support for Tibetan refugee children. The compromised site distributes Flash exploits that deliver backdoor Trojans signed with Winnti-stolen certificates. The malicious 'footer.swf' file is hosted on the Foundation's website. The delivered backdoors are signed with Winnti-stolen digital certificates, including the stolen MGAME certificate; both the MGAME certificate and the Shenzhen certificates are examples of the same stolen certificates being reused to sign the backdoors. The Flash exploit and its payload are detected as Exploit.SWF.CVE-2013-0634.a.
Technical Information
File System Details
| # | File Name | Detection Count |
|---|---|---|
| 1 | footer.swf | N/A |