According to the preliminary findings of some security researchers, a new zero-day vulnerability in Adobe Flash Player might be exploited in the wild to infect users with a trojan.
The alert comes from independent security researcher Mila Parkour, who maintains the Contagio Malware Dump blog. Ms. Parkour was also credited back in September with reporting an actively exploited Adobe Reader zero-day vulnerability.
The researcher posted a screenshot of the new attack in action, and it looks like the unpatched Flash Player vulnerability is exploited via malicious SWF content embedded in a .pdf document.
Successful exploitation results in two files called nsunday.exe and nsunday.dll being dropped and executed on the system.
According to a ThreatExpert analysis, these files are components of a Wisp trojan variant. Wisp is a relatively new trojan discovered back in March and is capable of stealing information, as well as downloading and executing malicious files.
A VirusTotal scan of the executable reveals that 15 antivirus engines detect it as malicious, mostly via generic signatures.
It seems that the people behind this threat are used to exploiting zero-day vulnerabilities. Wisp.A was originally distributed via drive-by download attacks targeting an unpatched flaw (CVE-2010-0806) in Internet Explorer.
Adobe's Product Security Incident Response Team has been notified of the suspected Flash Player vulnerability, but it has yet to test and confirm it.
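For defenders triaging suspicious documents, the delivery method described above (SWF content embedded in a PDF) can be checked for by inspecting PDF streams for a Flash file header. The following is an added example, not code from the researcher or the original report; the function names and the sample document are constructed for illustration, and it assumes the SWF sits at the start of a raw or Flate-compressed stream.

```python
import re
import struct
import zlib

# PDF stream bodies sit between "stream<EOL>" and "endstream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
SWF_MAGIC = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures


def decode_stream(raw: bytes) -> bytes:
    """Inflate a FlateDecode stream; fall back to the raw bytes if not zlib data."""
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return raw


def find_embedded_swf(pdf: bytes) -> list:
    """Return one finding per PDF stream whose decoded body starts with an SWF header."""
    findings = []
    for index, match in enumerate(STREAM_RE.finditer(pdf)):
        body = decode_stream(match.group(1))
        if len(body) >= 8 and body[:3] in SWF_MAGIC:
            findings.append({
                "stream": index,                  # zero-based stream number
                "offset": match.start(1),         # byte offset of the stream body
                "signature": body[:3].decode(),
                "version": body[3],               # SWF version byte
                "declared_length": struct.unpack("<I", body[4:8])[0],
            })
    return findings


def build_sample_pdf() -> bytes:
    """Constructed sample: minimal PDF-like file, one Flate stream with an inert SWF header."""
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 21) + b"\x00" * 13
    flate = zlib.compress(swf)
    text = b"BT /F1 12 Tf (hello) Tj ET"
    return b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj\n<< /Length %d >>\nstream\n" % len(text), text, b"\nendstream\nendobj\n",
        b"2 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(flate),
        flate, b"\nendstream\nendobj\n",
        b"%%EOF\n",
    ])


if __name__ == "__main__":
    for hit in find_embedded_swf(build_sample_pdf()):
        print(hit)
```

A hit only means Flash content is present in the document; it is a reason to route the file to sandbox analysis, not a verdict on its own.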