The Latest in IT Security

Stratfor customers targeted by cybercriminals

14 Feb 2012

Cybercriminals continue to use social engineering to lure users into their malware campaigns. This time, they targeted customers of Stratfor, a subscription-based provider of geopolitical analysis. Attacks against Stratfor clients began after a reported breach of the company's customer database.

The spammed email contains an attached PDF file named “stratfor.pdf”. When opened, the PDF file displays the following content, which refers to using security software to scan for the fictional “Win32Azee virus”:

 

The link displayed in the emails appears legitimate at first glance, but a close look at the target address shows that it does not match the address in the email text. Stratfor is based in Texas, United States; however, the download URL is located somewhere in Turkey. A sample of another PDF file contained a download link to yet another compromised site, this time in Poland.
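One way to automate the check described above is to list the link targets in a PDF attachment and flag any whose host lies outside the domain the message claims to come from. This is an added example, not code from the original post; the `example.com` and `example.net` names, the sample PDF fragment and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches /URI (...) entries in uncompressed PDF link-annotation actions.
# URIs stored inside compressed object streams need a real PDF parser.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def pdf_link_targets(pdf_bytes):
    """Return the target URIs of /URI actions found in raw PDF bytes."""
    targets = []
    for m in URI_ACTION.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
        targets.append(raw.decode("latin-1"))
    return targets


def host_of(url):
    """Lower-cased host of a URL; a bare 'www.example.com/x' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def off_brand_links(pdf_bytes, claimed_domain):
    """Targets whose host is not the domain the document claims to come from."""
    return [t for t in pdf_link_targets(pdf_bytes)
            if not is_under(host_of(t), claimed_domain)]


# Constructed sample: two link annotations as they appear in an uncompressed PDF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 715]\n"
    b"  /A << /S /URI /URI (http://www.example.com/support) >> >> endobj\n"
    b"6 0 obj << /Type /Annot /Subtype /Link /Rect [72 650 300 665]\n"
    b"  /A << /S /URI /URI (http://www.example.com.downloads.example.net/scan.exe) >> >> endobj\n"
)

if __name__ == "__main__":
    for target in off_brand_links(SAMPLE_PDF, "example.com"):
        print("link target outside claimed domain:", target)
```

The suffix comparison is done on whole labels, so a look-alike host that merely embeds the claimed domain as a prefix or substring is still flagged.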

When you click the link, Adobe Reader displays a warning message asking you to verify that you trust the website. The file offered for download is actually a Win32/Zbot variant, which Microsoft already detects as PWS:Win32/Zbot.gen!R. The malicious PDF file is detected as Trojan:Win32/Pdfphish.A.

SHA1:
38421197bc27f9ae76c01595424b41d720adea05 (detected as Trojan:Win32/Pdfphish.A)
818ef49e658aa78df4a0d9b424fafcd37bcb288c (detected as PWS:Win32/Zbot.gen!R)

– Rodel Finones, MMPC
