We spotted this malicious PDF file today.
When opened, the PDF (md5: 20ecffdc2ecea0fbe113502bec0c938c) uses a known Adobe Reader exploit to drop a backdoor onto the system. While dropping the backdoor, it displays this PDF on-screen to fool the user into believing everything is OK.
The bait PDF talks about an Information Systems Security Association event in Alabama on 9th of June, 2011, which is today.
The backdoor connects to a server at 22.214.171.124, which is somewhere in South Korea.
We don’t know who the target of this targeted attack was.