Newsfeed
Nachrichtenbote
There's a lot of talk about targeted attacks against defense contractors.
These attacks are still continuing.
We found this sample last week (md5: f393f34f268ddff34521d136e5555752).
It's a PDF file, apparently sent to an employee of the target company as an email attachment.
When opened in Adobe Reader, it exploits a known JavaScript vulnerability and drops a file called lsmm.exe. This is a backdoor that connects back to the attacker, who is waiting at IP addresses 59.7.56.50 and 59.19.181.130.
After this, a decoy PDF file is shown to the end user. The decoy is a call for papers for the 2012 AIAA Strategic and Tactical Missile Systems Conference, which is a US conference classified as SECRET.
The target of this attack is not known to us.
On 18/07/11 At 12:08 PM