Back in November, Microsoft cautioned us about a zero-day vulnerability being in use to taint Windows XP and Windows Server 2003 operating systems. After further investigation, it has been found that this attack was primarily targeting 28 Middle Eastern embassies. The said users were sent the exploits as an attachment over emails. The email contained a blank body with the subject line referring to the ongoing conflicts with Syria. This increased the odds of embassies opening that email.
What is Zero-Day Vulnerability
Zero-Day Vulnerability, or “day zero” is the loophole that developers accidentally leave behind in an application that then hackers exploit to get their vicious work done.
These vulnerabilities are unknown to the vendors. Once a vulnerability is found, there begins a race between the hackers and the developers to make and save further destruction respectively.
Security firm TrendMicro notes,
Apart from the targeting and the anti-analysis techniques, there does not appear to be other particularly unusual or unique behaviors in this attack. The anti-analysis techniques in the backdoor (detected as BKDR_TAVDIG.GUD) were designed to hide from or freeze debuggers, making analysis and attribution more difficult.
Given the expertise level that requires to break into such sophisticated system, it is being believed that the person behind this attack has had the resources and skills that are more advanced than a typical cyber malware coder.
So far we don’t know how many embassies got infected with this virus, or if they were the only recipients. This vulnerability as Microsoft reports only affects Windows XP and Windows Server 2003 operating systems.
It is noteworthy to mention that the deadline of Windows XP is approaching. And once we are there, Windows XP will simply become an open playground for hackers to exploit every component of Windows XP.