Votiro Uncovers New Email Attack Using a New Variant of Exploit CVE-2012-0158

February 3, 2016

Today Votiro successfully prevented an email attack that used a new variant of exploit CVE-2012-0158, the same exploit used in the successful breach of the New York Times in August of 2013. While this is an old exploit, skilled hackers are constantly adapting it to evade detection by updated antivirus engines in order to attack vulnerable systems.

After receiving an email from yvonne@direct-electrical.com (supposedly a legitimate email address; there is even a website under construction at http://www.direct-electrical.com/) with the subject "Emailed Invoice – 101970:1," Votiro's Zero-Day Exploit engine detected an infected attachment and neutralized the malware immediately.

To see how other antivirus engines compared, Votiro uploaded the email attachment (a Word document) to VirusTotal, a free service that analyzes suspicious files and URLs, and found that only 9 out of 53 antivirus engines were able to identify the exploit (none of the major companies did), which shows just how irrelevant antivirus software has become today.

Votiro’s Active Content Disarm solution is much more reliable. Votiro prevents attacks before they enter a system and removes the human factor from the security equation. This is especially interesting since many of the world’s leading banks, including Barclays, HSBC, Lloyds Banking Group, RBS and Santander, have reported human error to be responsible for 93 percent of breaches.