Indian Cyberspace hit by Kim Jong-il Malware Mails!


It has been observed that cybercriminals are using the name of the North Korean leader Kim Jong-il after his death to target Internet users.
Attackers are doing this by sending spam emails that carry specially crafted PDF files named “BriefintroductionofKim-Jong-il.pdf”.

This PDF file has been found to exploit the CVE-2010-2883 and CVE-2010-3333 vulnerabilities in Adobe Acrobat Reader.

Once successfully exploited, it leads to remote code execution on the victim’s system.

At the time of analysis, we found this DLL active on the system:
“Rundll32 %temp%com.dll,COMResModuleInstance”

We also found connection attempts made to “c[xxxx]p.m[xxxx]u.com”.

Quick Heal detects it as Trojan.BHO.btgg
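
The rundll32 invocation noted above can be hunted for in process-creation logs. The following Python sketch is an added example, not Quick Heal's code: it parses rundll32 command lines and flags DLLs loaded from a temp directory, with a stronger verdict when the file name and export match the ones in this post. The sample log lines are constructed, and the list of temp-directory markers is an assumption about how the path appears in logs.

```python
import re

# rundll32 syntax: rundll32[.exe] <dll path>,<export> [args]; the path may be quoted.
RUNDLL32 = re.compile(r'''
    (?:^|[\\/\s"])rundll32(?:\.exe)?"?\s+   # launcher, bare or with a full path
    (?:"(?P<q>[^"]+)"|(?P<u>[^\s,"]+))      # DLL path, quoted or unquoted
    \s*,\s*(?P<export>[\w#@?$]+)            # export name or ordinal
    ''', re.IGNORECASE | re.VERBOSE)

# Assumption: forms a user-writable temp directory takes in a logged command line.
TEMP_MARKERS = ("%temp%", "%tmp%", "\\appdata\\local\\temp\\",
                "\\local settings\\temp\\", "\\windows\\temp\\")

# Values taken from the command line observed in this post.
POST_DLL = "com.dll"
POST_EXPORT = "comresmoduleinstance"

def classify(cmdline):
    """Return None for non-rundll32 lines, else a verdict string."""
    m = RUNDLL32.search(cmdline)
    if not m:
        return None
    dll = (m.group("q") or m.group("u")).replace("/", "\\").lower()
    export = m.group("export").lower()
    in_temp = any(marker in dll for marker in TEMP_MARKERS)
    # File name = text after the last backslash or the closing '%' of a variable.
    name = re.split(r"[\\%]", dll)[-1]
    if in_temp and name == POST_DLL and export == POST_EXPORT:
        return "matches-post-indicator"
    if in_temp:
        return "dll-from-temp"
    return "ok"

# Constructed process-creation command lines (not real telemetry).
SAMPLE = [
    "Rundll32 %temp%com.dll,COMResModuleInstance",
    r'C:\Windows\System32\rundll32.exe "C:\Users\a\AppData\Local\Temp\x1.dll",Start',
    r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL',
    "notepad.exe report.txt",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line)!s:24} {line}")
```

The "dll-from-temp" verdict is a generalisation beyond the single command line in the post and will need tuning against installers that legitimately run DLLs from temp directories.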

We suggest that users apply these patches if they are using older versions of PDF Reader:
https://www.adobe.com/support/security/bulletins/apsb10-21.html
https://www.adobe.com/support/security/bulletins/apsb11-08.html

In addition, we also suggest that users:
- Do not visit untrusted websites.
- Do not click on any links or attachments in their mail.
- Do not disclose any financial or personal information asked in any of these mails.

Vishal Dodke
