
Trojan:Win32/Apolmy.B


First posted on 07 November 2014.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Apolmy.B.

Explanation :

Threat behavior

Threat in context

This exploit targets the following versions of Windows:

  • Windows 8.1
  • Windows 8
  • Windows 7 SP1
  • Windows Vista SP2
  • Windows RT 8.1
  • Windows RT
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1


It is typically delivered through your web browser or through documents opened in Microsoft Office applications; the vulnerable component itself is the Windows kernel-mode driver win32k.sys.

See the following for more information about the vulnerability, including updates to protect your PC:

  • Microsoft Security Bulletin MS14-058
  • Microsoft Security Research and Defense Blog: Assessing risk for the October 2014 security updates
  • US National Vulnerability Database summary for CVE-2014-4113
  • CVE entry CVE-2014-4113
What is an exploit?


Exploits are written to take advantage of weaknesses (or vulnerabilities) in legitimate software. A project called Common Vulnerabilities and Exposures (CVE) gives each vulnerability a unique number, in this case "CVE-2014-4113".

You can find more information on the CVE website or on our page about exploits.

Exploit details


Attack method

This threat arrives when you are tricked into opening a malicious file or going to a malicious link; the exploit code then runs on your PC with the ordinary privileges of your user account.

CVE-2014-4113 is an elevation-of-privilege vulnerability in the kernel-mode driver win32k.sys. The threat triggers it from user mode to run code in the kernel and raise its own privileges to SYSTEM, so that it is no longer limited by the account you logged on with.

An attacker can use this exploit to download and run further malware on your PC with full system privileges.

You may get an alert about this threat even if you're not using a vulnerable version of Windows. This is because we detect when a website or file tries to use the vulnerability, even if the attempt isn't successful.
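If your security software raises this alert, the first question is whether the machine was actually exposed, that is, whether the MS14-058 update is missing. The following PowerShell check is an added example and is not part of the original Microsoft write-up. It assumes KB3000061 is the update package that ships MS14-058, and it also reads the win32k.sys file version as a second indicator, because a later rollup can supersede the KB so that Get-HotFix no longer lists it even though the driver is fixed.

```powershell
# Added example, not part of the original Microsoft write-up.
# Reports whether this machine carries the MS14-058 fix for CVE-2014-4113.
# Assumption: KB3000061 is the update package that ships MS14-058. Get-HotFix
# only lists packages recorded in the update store, so a superseding rollup can
# hide the KB even though win32k.sys is already patched; the driver version is
# reported alongside so you can compare it with the bulletin's file tables.
function Get-Ms14058Status {
    param([string]$KbNumber = 'KB3000061')

    $hotfix = Get-HotFix -Id $KbNumber -ErrorAction SilentlyContinue

    # Use Sysnative when running a 32-bit shell on 64-bit Windows; otherwise
    # System32 is silently redirected to SysWOW64, which has no win32k.sys.
    $sysDir = if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
        Join-Path $env:SystemRoot 'Sysnative'
    } else {
        Join-Path $env:SystemRoot 'System32'
    }
    $driver = Get-Item -Path (Join-Path $sysDir 'win32k.sys') -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = [Environment]::OSVersion.Version.ToString()
        Is64Bit       = [Environment]::Is64BitOperatingSystem
        Ms14_058      = if ($hotfix) { "installed ($($hotfix.InstalledOn))" } else { 'NOT FOUND' }
        Win32kVersion = if ($driver) { $driver.VersionInfo.FileVersion } else { 'not readable' }
    }
}

Get-Ms14058Status | Format-List
```

Run it in an elevated PowerShell on each host in the affected-version list above. "NOT FOUND" together with a win32k.sys version older than the one listed in MS14-058 for that Windows release means the alert points at a real exposure and the host should be patched and investigated; if only the KB is missing while the driver is current, a later cumulative update has most likely superseded it.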



Analysis by Chun Feng

Symptoms

Alerts from your security software may be the only symptom.

Last update 07 November 2014
