Cybercriminals have been observed using the name of the North Korean leader Kim Jong-il, following his death, to target internet users.
Attackers do this by spamming malicious emails containing a specially crafted PDF named “BriefintroductionofKim-Jong-il.pdf”.
This PDF file was found to exploit the CVE-2010-2883 and CVE-2010-3333 vulnerabilities in Adobe Acrobat Reader.
Once successfully exploited, it leads to remote code execution on the victim’s system.
At the time of analysis, we found the following DLL active on the system:
“Rundll32 %temp%com.dll,COMResModuleInstance”
We also found connection attempts made to c[xxxx]p.m[xxxx]u.com
Quick Heal detects it as “Trojan.BHO.btgg”
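For defenders hunting for the rundll32 behaviour described above, the following added example (not Quick Heal's code or detection logic) scores process-creation command lines for rundll32 loading a DLL from a temp directory. The temp-directory patterns, the scoring scheme and the sample command lines are assumptions constructed for illustration.

```python
import re

# DLL name and export exactly as printed in the post above.
REPORTED_DLL = "com.dll"
REPORTED_EXPORT = "comresmoduleinstance"

# [path\]rundll32[.exe] <dll>,<export>; the DLL path may be quoted.
RUNDLL32_RE = re.compile(
    r'(?:^|[\\/"\s])rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,"]+))\s*,\s*#?(\w+)',
    re.IGNORECASE)
# Temp locations: unexpanded variables plus common expanded forms (assumed list).
TEMP_RE = re.compile(
    r'%te?mp%|\\appdata\\local\\temp|\\local settings\\temp|\\windows\\temp',
    re.IGNORECASE)

def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.search(cmdline)
    return ((m.group(1) or m.group(2)), m.group(3)) if m else None

def score(cmdline):
    """0 = ignore, 1 = rundll32 loading a DLL from temp, 2 = matches the post."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return 0
    dll, export = parsed
    if not TEMP_RE.search(dll):
        return 0
    basename = re.split(r'[\\/%]', dll)[-1].lower()
    if basename == REPORTED_DLL and export.lower() == REPORTED_EXPORT:
        return 2
    return 1

def triage(cmdlines):
    """Return (score, cmdline) pairs worth an analyst's attention, highest first."""
    hits = [(score(c), c) for c in cmdlines]
    return sorted((h for h in hits if h[0] > 0), key=lambda h: -h[0])

# Constructed sample command lines (not taken from a real host).
SAMPLES = [
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    r'Rundll32 %temp%com.dll,COMResModuleInstance',
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\alice\AppData\Local\Temp\com.dll",COMResModuleInstance',
    r'rundll32.exe C:\Users\bob\AppData\Local\Temp\upd.dll,#1',
    r'notepad.exe C:\Temp\readme.txt',
]
```

Calling `triage(SAMPLES)` returns the two lines matching the reported DLL and export first, followed by the generic temp-directory hit.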
We advise users to apply the patches below if they are using older versions of PDF Reader:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.adobe.com/support/security/bulletins/apsb11-08.html
In addition, we suggest that users:
-Do not visit untrusted websites
-Do not click on any links or attachments in the mail
-Do not disclose any financial or personal information requested in any such mails