LadyBoyle is a malware threat that uses a new exploit in Adobe Flash, a zero-day exploit that was first detected on February 5th, 2013. Zero-day exploits are particularly prized by criminals because they allow malware attacks to proceed undeterred until the affected software's developer releases a patch or fix for the problem (these exploits are called 'zero-day' because they are effective as soon as the targeted software is released). Adobe has released information about LadyBoyle, advising computer users how to protect their computers by downloading specific patches that fix this problem. The two vulnerabilities exploited by LadyBoyle are labeled CVE-2013-0633 and CVE-2013-0634. Since LadyBoyle is currently active, ESG malware researchers strongly advise computer users to download these patches in order to protect their computers.
PC security researchers have so far identified two different files that use the exploits listed above. Although these files contain content written in English, an analysis of the files reveals data in Windows Simplified Chinese. The files are Microsoft Word documents (with the DOC extension) that load a malicious embedded SWF file (an Adobe Flash file) containing the dangerous exploit. This malicious SWF file contains a script named LadyBoyle that carries out the attack, which is why PC security researchers refer to this exploit as LadyBoyle.
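The paragraph above describes the delivery vehicle: a Word document carrying an embedded SWF. The scanner below is an added example (not code from the original page or from ESG) that looks for the public SWF header layout inside any file: a three-byte signature (FWS uncompressed, CWS zlib-compressed, ZWS LZMA-compressed), a one-byte version, and a four-byte little-endian uncompressed length. The plausibility checks (version range, length bound, whether a CWS body actually inflates) are this example's own assumptions to reduce false positives; the sample document bytes are constructed inline and are not a real LadyBoyle sample.

```python
"""Locate embedded Adobe Flash (SWF) payloads inside an arbitrary file.

Added example, not part of the original page. Only the public SWF header
layout is assumed: signature (FWS/CWS/ZWS), version byte, uint32 LE length.
"""
import re
import struct
import sys
import zlib

SWF_SIG = re.compile(rb"[FCZ]WS")
MAX_SWF_VERSION = 50   # assumption: generous upper bound for a real Flash version byte


def _inflates(chunk: bytes) -> bool:
    """True if the first bytes after a CWS header decompress as zlib data."""
    try:
        return len(zlib.decompressobj().decompress(chunk)) > 0
    except zlib.error:
        return False


def find_embedded_swf(data: bytes) -> list:
    """Return a list of {offset, signature, version, length} for plausible SWF headers."""
    hits = []
    for m in SWF_SIG.finditer(data):
        off = m.start()
        if off + 8 > len(data):
            continue
        sig = m.group(0)
        version = data[off + 3]
        (length,) = struct.unpack_from("<I", data, off + 4)
        # Random "FWS"/"CWS" byte runs are common in binary data; require a
        # sane version byte and a length that could describe a real file.
        if not 1 <= version <= MAX_SWF_VERSION or length < 8:
            continue
        if sig == b"FWS" and length > len(data) - off:
            continue  # an uncompressed SWF cannot be longer than what remains
        if sig == b"CWS" and not _inflates(data[off + 8:off + 8 + 4096]):
            continue  # a compressed SWF must at least start as valid zlib
        hits.append({"offset": off, "signature": sig.decode(),
                     "version": version, "length": length})
    return hits


# --- constructed sample input (not a real malicious document) ---------------
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"            # compound-file header
_BODY = b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00\x00\x18\x01\x00" + bytes(200)
_FWS_BLOB = b"FWS" + bytes([10]) + struct.pack("<I", 8 + len(_BODY)) + _BODY
_CWS_BLOB = b"CWS" + bytes([11]) + struct.pack("<I", 8 + len(_BODY)) + zlib.compress(_BODY)
_DECOY = b"FWS\x00\xff\xff\xff\xff"                          # version 0: must be rejected
SAMPLE_DOC = OLE_MAGIC + bytes(64) + _DECOY + bytes(32) + _FWS_BLOB + bytes(16) + _CWS_BLOB + bytes(16)


def scan_file(path: str) -> list:
    """Convenience wrapper: scan a file on disk."""
    with open(path, "rb") as fh:
        return find_embedded_swf(fh.read())


if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_embedded_swf(SAMPLE_DOC)
    for h in hits:
        print(f"offset {h['offset']}: {h['signature']} v{h['version']} length {h['length']}")
```

Run it with a file path to scan a document; with no argument it scans the constructed sample, reporting the two planted SWF headers and ignoring the decoy with an impossible version byte. A hit is a reason to open the document in a sandbox, not proof of malice: legitimate documents can embed Flash too.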
How the LadyBoyle Attack is Carried Out
Once the LadyBoyle script executes, it first checks whether the conditions for a LadyBoyle attack exist. If they do, LadyBoyle drops several executable files on the victim's computer along with a malicious DLL file; this dangerous DLL is also embedded within the LadyBoyle SWF file itself. ESG security researchers have observed that this attack is not particularly new: although the LadyBoyle exploit itself was first detected and distributed in February 2013, it has been integrated into a malware family that has been active for quite a long time. The attack uses an invalid security certificate from MGAME (a game developer from Korea) and, like many other malicious executable files, its files are crafted to mislead PC users into thinking they are Google or Adobe updates. Once installed, the malware creates a backdoor into the victim's computer, making the changes to the Windows Registry that allow LadyBoyle to load automatically at start-up and establish a connection to its command and control server.