The Latest in IT Security

Military Targets

18
Jul
2011

There’s a lot of talk about targeted attacks against defense contractors.

military targets

These attacks are still continuing.

We found this sample last week (md5: f393f34f268ddff34521d136e5555752).

It’s a PDF file, apparently sent to an employee of the target company as an email attachment.

When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe. This is a backdoor that connects back to the attacker, who is waiting at IP addresses 59.7.56.50 and 59.19.181.130.

After this, a decoy PDF file is shown to the end user. The decoy is a call for papers for 2012 AIAA Strategic and Tactical Missile Systems Conference, which is a US conference classified as SECRET:

AIAA Strategic and Tactical Missile Systems Conference (SECRET/U.S. ONLY)

The target of this attack is not known to us.

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments