Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    June 2013
    S M T W T F S
    « May    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
    • About Us
    Trendlabs Security Intelligence > Kim Jong Il Malicious Spam Found

    The death of Korean leader Kim Jong Il resulted in an outpour of reactions from many people all over the world. Some people were saddened by the loss, while some were quite jubilant, saying that Kim Jong Il was “a repressive leader”.

    Cybercriminals, on the other hand, only had one reaction to the incidentto take advantage of it.

    Our researchers found spammed messages with email subjects mentioning the death of Kim Jong Il. The messages arrive with a .PDF attachment that has the file name brief_introduction_of_kim-jong-il.pdf.pdf. The said file is of course malicious and is detected as TROJ_PIDIEF.EGQ.

    As part of its routines, TROJ_PIDIEF.EGQ opens a non-malicious PDF file to trick the user into thinking that it is a normal file. The .PDF contains a picture of Kim Jong Il.

    Aside from this particular spam attack, we’ve also encountered malicious documents which bear file names mentioning the late Korean leader. One of the files we saw has the file name Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc and is now detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, one detected as BKDR_PCCLIEN.BQD. BKDR_PCCLIEN.BQD connects to its C&C server through port 8000.

    Here at TrendLabs, the death of a globally known person has become an automatic trigger for us to look for attacks trying to taking advantage of it. Hence, we are always on the lookout to protect our customers who are trying to look for more information. Such events generate global interest in a very short amount of time, so they make very good social engineering lures.

    Under such circumstances, everyone is advised to stick with trusted sources when trying to get more information about noteworthy events. Trend Micro users are already protected from the abovementioned attacks through the Trend Micro™ Smart Protection Network™, as both the spammed messages and the malicious files are already blocked and detected respectively.

    Other political figures whose deaths were also used by cybercriminals as lure include:

    Update as of December 20, 2011, 11:04 PM:

    Further analysis by Threat Response Engineer Erika Mendoza revealed that TROJ_PIDIEF.EGQ drops a malicious file detected as BKDR_FYNLOS.A. The said backdoor connects to its C&C server to receive and execute commands such as downloading,uploading, and executing of files, terminating processes, and performing shell commands.

    TROJ_PIDIEF.EGQ also exploits the following vulnerabilities affecting Adobe Reader and Acrobat:

    Users are advised to patch their systems accordingly to prevent being victimized by the mentioned attacks.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Tuesday, December 20th, 2011 at 3:17 am and is filed under Malware, Spam . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice