The Latest in IT Security

Kim Jong Il Malicious Spam Found

20
Dec
2011

The death of Korean leader Kim Jong Il resulted in an outpour of reactions from many people all over the world. Some people were saddened by the loss, while some were quite jubilant, saying that Kim Jong Il was “a repressive leader”.

Cybercriminals, on the other hand, only had one reaction to the incident, and it was to take advantage.

Our researchers found spam messages with email subjects mentioning the death of Kim Jong Il. The messages arrive with a .PDF attachment that has the file name brief_introduction_of_kim-jong-il.pdf.pdf. The said file is of course malicious and is detected as TROJ_PIDIEF.EGQ.

As part of its routines, TROJ_PIDIEF.EGQ opens a non-malicious PDF file to trick the user into thinking that it is a normal file. The PDF contains a picture of Kim Jong Il.

Aside from this particular spam attack, we’ve also encountered malicious documents which bear file names mentioning Kim Jong Il. One of the files we saw has the file name Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc and is now detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, one detected as BKDR_PCCLIEN.BQD. BKDR_PCCLIEN.BQD connects to its C&C server through port 8000.

Here at TrendLabs, the death of a globally known person has become an automatic trigger for us to look for attacks trying to taking advantage in order to protect our customers who are trying to look for more information. Such events generate global interest in a very short amount of time, so they make very good social engineering lures.

Under such circumstances, people are advised to stick to trusted sources when trying to get more information about noteworthy events. Trend Micro users are already protected from the abovementioned attacks through the Trend MicroT Smart Protection NetworkT, as both the spam messages and the malicious files are already blocked and detected respectively.

Other political figures whose deaths were also used by cybercriminals as lure include:

Leave a reply


Categories

MONDAY, AUGUST 19, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks