It has been observed that cybercriminals are using the name of the North Korean leader Kim Jong-II after his death to target Internet users.
Attackers are achieving this by spamming malicious emails containing specially crafted PDF files named “BriefintroductionofKim-Jong-il.pdf”
Once successfully exploited, it leads to remote code execution in the victim’s system.
At the time of analysis we found this dll active in the system:
We also found connections attempts made to “c[xxxx]p.m[xxxx]u.com”.
Quick Heal detects it as Trojan.BHO.btgg
We suggest that users apply these patches if they are using older versions of PDF Reader:
In addition we also suggest that users:
-Do not visit untrusted websites.
-Do not click on any links or attachments in their mail.
-Do not disclose any financial or personal information asked in any of these mails.