
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Cybercriminals exploiting the death of Kim Jong-Il

By | December 22, 2011, 10:29am PST

Summary: Security researchers from TrendMicro have intercepted a currently circulating malware campaign that uses the death of Kim Jong-Il as a social engineering theme.

Security researchers from TrendMicro have intercepted a currently circulating malware campaign that uses the death of Kim Jong-Il as a social engineering theme.

The messages arrive with a .PDF attachment that has the file name brief_introduction_of_kim-jong-il.pdf.pdf. Upon execution, the sample drops a malicious file detected as BKDR_FYNLOS.A. The backdoor connects to its C&C server to receive and execute commands such as downloading, uploading, and executing of files, terminating processes, and performing shell commands.

The sample also exploits the following Adobe Reader and Acrobat vulnerabilities: CVE-2010-2883 and CVE-2011-0611.

Users are advised to ensure that they are free of client-side vulnerabilities found in third-party applications and browser plugins, as well as to exercise extra caution when opening attachments coming from unknown sources.
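A mail-gateway triage check for the attachment pattern described above, added here as an example; it is not code from the article or from TrendMicro. The function names, the `WATCHED` extension list and the sample message are assumptions constructed for illustration, and the attachment bodies are harmless placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions worth flagging when stacked (assumed list, tune per environment).
WATCHED = {".pdf", ".doc", ".xls", ".exe", ".scr", ".zip"}

def triage_attachments(raw: bytes) -> list:
    """Return (filename, reasons) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = [s.lower() for s in PurePosixPath(name).suffixes]
        body = part.get_payload(decode=True) or b""
        reasons = []
        if len(ext) >= 2 and ext[-2] in WATCHED:
            kind = "repeated" if ext[-1] == ext[-2] else "double"
            reasons.append(f"{kind} extension {ext[-2]}{ext[-1]}")
        # Readers accept the %PDF- header anywhere in the first 1024 bytes.
        if ext and ext[-1] == ".pdf" and b"%PDF-" not in body[:1024]:
            reasons.append("named .pdf without %PDF- header")
        findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    stub = b"%PDF-1.4\n% constructed placeholder\n"
    for fname, data in [
        ("brief_introduction_of_kim-jong-il.pdf.pdf", stub),  # name from the article
        ("agenda.pdf", stub),
        ("notes.pdf", b"plain text, not a PDF"),
    ]:
        msg.add_attachment(data, maintype="application", subtype="pdf", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in triage_attachments(build_sample()):
        print(name, "->", reasons or "no findings")
```

A filename flag alone is only a triage signal; a clean name says nothing about whether the PDF inside targets an unpatched reader.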


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.

Comments

I couldn't think of a more apt way to send ...
thx-1138_@... Updated - 22nd Dec
... that loony megalomaniac off.

" ... executing of files, terminating processes, and performing shell commands. "

That sounds oddly like something from the Manifesto he probably wrote while in power.

... you'll find no sympathy here.

(n.b. ZDNet staffers are truly deluded if they believe anyone will want to eagerly follow up on one of the worst, tyrannical dictators, in the world, in the last 30 years.)
