Cyber attacks add to the already strained relations between India and China

Recently an Indian government official admitted that there was an attempt to break into the computers of the office of the National Security Adviser and steal information. More details on this news announcement can be found at:
https://timesofindia.indiatimes.com/india/China-tried-to-hack-Indias-computers-Narayanan/articleshow/5473640.cms

The announcement was made only after similar reports from the US of cyber attacks on the systems of US defence contractors.

A lot of information is circulating with nothing concrete to conclude from it, but the discussion and the available details point towards the zero-day vulnerability in Adobe Reader which Adobe fixed on Tuesday last week.

In both cases a malicious PDF was sent to the email addresses of high-profile accounts. The PDF was accompanied by a relevant-looking message which appeared to be sent by someone in the department. The PDF carries exploit code for the vulnerability CVE-2009-4324.

The PDF is specially crafted: when it is opened, shellcode executes and extracts two files into the temp folder. One is a PDF file and the other is a PE executable.
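As an added example (not code from the original post, and not a Quick Heal detection), the following Python script shows the triage a practitioner would run on a suspect PDF of this kind. It inflates the FlateDecode streams, because the JavaScript in such samples is almost always compressed and a plain grep of the file misses it, and then looks for the indicators that fit this attack: embedded JavaScript, an OpenAction that runs it when the document is opened, a call to `media.newPlayer` (the Adobe Reader JavaScript API affected by CVE-2009-4324), and the `unescape('%u...')` heap-spray pattern that typically precedes the shellcode. The sample PDF and the JavaScript inside it are constructed for the demonstration and are not the in-the-wild sample; the indicator regexes are assumptions about what such a sample contains, not signatures taken from the post.

```python
import re
import zlib

# Indicators to look for in a suspect PDF (assumed patterns, not signatures from
# the original post). Each regex is applied to the raw file and to every inflated stream.
INDICATORS = {
    "javascript":      re.compile(rb"/JavaScript|/JS\b"),
    "open_action":     re.compile(rb"/OpenAction|/AA\b"),
    "media_newplayer": re.compile(rb"media\.newPlayer"),  # Reader API affected by CVE-2009-4324
    "heap_spray":      re.compile(rb"unescape\s*\(\s*[\"']%u[0-9a-fA-F]{4}"),
    "embedded_file":   re.compile(rb"/EmbeddedFile|/Launch"),
}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def inflate_streams(data):
    """Return the content of every stream object, inflating FlateDecode streams.

    Streams that are not zlib data are returned as-is so that uncompressed
    JavaScript is still scanned.
    """
    out = []
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        try:
            # decompressobj tolerates a truncated trailer, unlike zlib.decompress
            out.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            out.append(raw)
    return out


def scan_pdf(data):
    """Map each indicator name to True/False for the given PDF bytes."""
    views = [data] + inflate_streams(data)
    return {name: any(pat.search(v) for v in views) for name, pat in INDICATORS.items()}


def is_suspicious(hits):
    """Heuristic verdict: JavaScript plus either the vulnerable API or a heap spray."""
    return hits["javascript"] and (hits["media_newplayer"] or hits["heap_spray"])


# Constructed JavaScript with the shape of a CVE-2009-4324 trigger: a heap spray
# (NOP sled only, no real shellcode) followed by the call into the media player API.
SAMPLE_JS = (
    b"var sc = unescape('%u9090%u9090');"
    b"var spray = []; for (var i = 0; i < 200; i++) spray[i] = sc + sc;"
    b"media.newPlayer(null);"
)


def build_sample_pdf(js):
    """Build a minimal PDF whose OpenAction runs `js` from a FlateDecode stream (constructed)."""
    body = zlib.compress(js)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /S /JavaScript /JS 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body) + body + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%EOF\n"


# A benign PDF with no JavaScript at all, for contrast (constructed).
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%EOF\n"
)

if __name__ == "__main__":
    samples = (("constructed exploit", build_sample_pdf(SAMPLE_JS)), ("benign", BENIGN_PDF))
    for label, pdf in samples:
        hits = scan_pdf(pdf)
        flagged = ", ".join(k for k, v in hits.items() if v) or "none"
        print(f"{label}: indicators={flagged} suspicious={is_suspicious(hits)}")
```

To use it on a real sample, read the file as bytes and pass it to `scan_pdf`. The verdict is a triage heuristic only: attackers can split the API name across string concatenations or hide the JavaScript behind other filters, so a negative result means the sample needs further analysis, not that it is clean.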

The PE executable is then run and connects to a server somewhere in China. It also drops files into the folders listed below:
%system%
%system%\dllcache
%windows%\Installer

Once the system is connected to that server, the attacker in China has full control of it. Updating Adobe Reader to the patched release, or disabling JavaScript in Reader's preferences until the update can be applied, removes the exploit vector. All Quick Heal products are updated to detect these exploit-injected PDFs.

Ranjeet Menon
