Cybercriminals exploiting the death of Kim Jong-Il

Summary: Security researchers from Trend Micro have intercepted a currently circulating malware campaign that uses the death of Kim Jong-Il as a social engineering theme.

The messages arrive with a .PDF attachment named brief_introduction_of_kim-jong-il.pdf.pdf. Upon execution, the sample drops a malicious file detected as BKDR_FYNLOS.A. The backdoor connects to its C&C server to receive and execute commands such as downloading, uploading, and executing files, terminating processes, and running shell commands.

The sample also exploits the following Adobe Reader and Acrobat vulnerabilities: CVE-2010-2883 and CVE-2011-0611.

Users are advised to ensure that they are free of client-side vulnerabilities found in third-party applications and browser plugins, as well as to exercise extra caution when opening attachments coming from unknown sources.
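As an added example (not from Trend Micro or the original post), a mail gateway or triage script can flag attachments named like the one described above before a user opens them. The `KNOWN` extension list, the flag names, and the sample message are assumptions constructed for illustration; the attachment bodies are harmless placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions treated as "real" file types when stacked (assumed list, extend locally).
KNOWN = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip", ".exe", ".scr"}

def build_sample() -> bytes:
    """Constructed message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name, body in [
        ("brief_introduction_of_kim-jong-il.pdf.pdf", b"%PDF-1.4\n% placeholder\n"),
        ("meeting_notes.v2.pdf", b"%PDF-1.4\n% placeholder\n"),
        ("invoice.pdf", b"MZ placeholder, not a PDF"),
    ]:
        msg.add_attachment(body, maintype="application", subtype="pdf", filename=name)
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    """Return {filename: [flags]} for attachments that deserve a closer look."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        payload = part.get_payload(decode=True) or b""
        flags = []
        last_two = suffixes[-2:]
        # Two recognised extensions in a row, e.g. ".pdf.pdf" or ".pdf.exe".
        if len(last_two) == 2 and all(s in KNOWN for s in last_two):
            flags.append("repeated-extension" if last_two[0] == last_two[1]
                         else "stacked-extension")
        # Adobe Reader accepts the header anywhere in the first 1024 bytes.
        if suffixes[-1:] == [".pdf"] and b"%PDF-" not in payload[:1024]:
            flags.append("pdf-magic-mismatch")
        if flags:
            findings[name] = flags
    return findings

if __name__ == "__main__":
    for name, flags in triage(build_sample()).items():
        print(f"{name}: {', '.join(flags)}")
```

A filename check like this only prioritises attachments for inspection; it does not detect the exploits themselves, so patching Adobe Reader and Acrobat remains the primary mitigation.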

Topics: Malware, Browser, Security, Servers

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
