Entries filed under 'Yichong Lin'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    New IE Zero-Day Found in Watering Hole Attack

    By Yichong Lin
    FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website--a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We Read more...


    IE Zero Day is Used in DoL Watering Hole Attack

    By Yichong Lin
    Similar to what we found before in a series of watering hole attacks, targeting CFR and Chinese Dissidents,  zero-day and just patched vulnerabilities were used. In the latest watering hole attack against Department of Labor (DoL), our research indicates a new IE zero-day is used in this watering hole attack, although some other vendors claim they are using known vulnerabilities.This particular exploit checks for OS version, and only runs on Windows XP. Read more...


    In Turn, It's PDF Time

    By Yichong Lin, James T. Bennett, Thoufique Haq
    [Update: February 13, 2013] We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF Read more...


    YAJ0: Yet Another Java Zero-Day

    By Darien Kindlund, Yichong Lin
    Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking Read more...


    Happy New Year from New Java Zero-Day

    By Yichong Lin
    We observed that a Java security bypass zero-day vulnerability (CVE-2013-0422) has been actively exploited in the wild starting Jan. 2. We have been able to reproduce the attack in-house with the latest Java 7 update (Java 7 update 10) on Windows. We initially wanted to hold off on posting this blog entry until we received confirmation from Oracle; however, since other researchers are starting to blog on this issue, we have decided Read more...