{"id":6292,"date":"2016-11-23T09:05:10","date_gmt":"2016-11-23T14:05:10","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=6292"},"modified":"2020-04-10T14:48:55","modified_gmt":"2020-04-10T18:48:55","slug":"inpage-exploit","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/inpage-exploit\/6292\/","title":{"rendered":"An unusual exploit for Asian banks"},"content":{"rendered":"<p>In September 2016, <a href=\"https:\/\/securelist.com\/blog\/research\/76717\/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia\/?utm_medium=blg&amp;utm_source=sl_post_161123&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener\">we detected a number of attacks<\/a> aimed at targets located in Africa and Asia. Among the victims were government agencies and several banks. All of them were attacked using a zero-day exploit for InPage \u2013 a software suite for working with texts in Farsi, Urdu, Pushtu and Arabic \u2013 sent via e-mail.<\/p>\n<p>The malicious e-mails sent to targets in Myanmar, Sri Lanka and Uganda carried several infected documents in various formats \u2013 Word (.doc, .docx) and InPage (.inp). The Word exploits are well known and won\u2019t run in a recently updated software environment, while the InPage exploit works fine even in the latest version of the software.<\/p>\n<p>Interestingly, it\u2019s the first exploit for InPage ever detected. 
Kaspersky Lab\u2019s software detects the built-in shellcode and identifies this malware as HEUR:Exploit.Win32.Generic.<\/p>\n<p>This is not the first time that vulnerabilities in locally popular software have been exploited. Another notable example was an exploit for Hangul Word Processor (a South Korean text processor), deployed during <a href=\"https:\/\/securelist.com\/blog\/research\/57331\/the-icefog-apt-a-tale-of-cloak-and-three-daggers\/?utm_medium=blg&amp;utm_source=sl_post_161123&amp;utm_campaign=ww_promo\" target=\"_blank\" rel=\"noopener\">the Icefog campaign<\/a>.<\/p>\n<p>Using narrowly specialized software that is used only in certain industries allows attackers to focus an attack even more narrowly; the perpetrators thus have more control over the malicious campaign. In the case of InPage, these organizations include banks and governments.<\/p>\n<p>Unlike zero days in software such as Flash or Windows, which are patched quickly, vulnerabilities in uncommon software suites like InPage can take much longer to patch. The limited use of the software can also mean that zero days go undiscovered for a long time.<\/p>\n<p>Even though the exploited vulnerability still exists, users of Kaspersky Lab\u2019s products are protected thanks to heuristic analysis technology. Still, an approach like this is very unsafe when facing other campaigns, as these exploits stay undetected for years. 
To stay safe, follow a few general rules:<\/p>\n<ul>\n<li>Update all software in a timely manner, operating systems included.<\/li>\n<li>Limit users\u2019 privileges in the OS.<\/li>\n<li>Deploy whitelists and a Default Deny approach on critical endpoints.<\/li>\n<li>Use security software with heuristic analysis and cloud-based file assessment functions.<\/li>\n<li>Subscribe to professional cybersecurity information services, such as Kaspersky Lab\u2019s APT\u00a0Intelligence Reporting.<\/li>\n<li>Keep your IT security department functional: modern cybersecurity methods make it possible to detect even previously unknown threats.<\/li>\n<li>Train your employees in cybersecurity basics: to prevent an intrusion, it is often enough for an employee to refrain from opening an e-mailed file.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The first zero-day exploit for the InPage text processor has been used in attacks on Asian 
banks.<\/p>\n","protected":false},"author":611,"featured_media":15288,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1343,111,2372,1171,2480],"class_list":{"0":"post-6292","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-0days","10":"tag-attacks","11":"tag-exploit","12":"tag-exploits","13":"tag-inpage"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/inpage-exploit\/6292\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/inpage-exploit\/4348\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/inpage-exploit\/6292\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/inpage-exploit\/6292\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/exploits\/","name":"exploits"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/611"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6292"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6292\/revisions"}],"predecessor-version":[{"id":34799,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6292\/revisions\/34799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15288"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6292"}],"wp:term":[{"taxonomy":"cat
egory","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}