Recently patched Adobe Reader vulnerability targeted

Mar 27, 2010 11:22 GMT

Security researchers warn of an ongoing targeted email attack, which uses a 2010 FIFA World Cup-themed ruse to trick users into opening a booby-trapped PDF file. The incident targets an arbitrary code execution vulnerability that was patched in February in Adobe Reader.

The FIFA World Cup is the most important football (soccer to Americans) competition and arguably the most watched regular sporting event in the world. The 19th edition of the event will kick off on June 11, 2010 in South Africa.

The recent attack, which was analyzed by security researchers from Symantec, misuses the name and intellectual property of a renowned African safari organizer called Greenlife Africa. "Greenlife have produced an extremely informative and useful PDF guide to the World Cup […]. The attacker(s) have downloaded Greenlife’s PDF document, and changed it to include malicious code," they explain.

The antivirus vendor also points out that a worker from "a major international organisation that brings together governments from all over the world" was amongst the targets of this email attack. The malicious code attached to the PDF file SoccerTravelSouthAfrica.pdf (named after the original document) exploits an Adobe Reader and Acrobat vulnerability (CVE-2010-0188) patched by the vendor in February.

The wording in the email suggests that attackers intended to trick governmental organizations like consulates and tourism authorities into distributing the booby-trapped PDF file through official channels to the general public. "Please send this on to anyone who may be interested in receiving a copy of the Soccer Travel Guide!" the message reads.

Successful exploitation will result in several encrypted executable files being dropped and executed on the system. This threat features a rootkit component and installs itself as a service called "Remote Access Connection Locator." The malware analysts note that it might also be capable of self-propagation on local networks.

Symantec warns that antivirus detection for the malicious PDF file is currently very low. Users of Adobe Reader and Acrobat older than 9.3.1 or 8.2.1 are urged to upgrade immediately to the latest version.
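The two checkable details above, the fixed Reader/Acrobat releases (9.3.1 and 8.2.1) and the service name the malware registers, can be swept across an asset inventory. The following is an added example, not code from the article or from Symantec; the inventory record layout, host names and function names are assumptions made for illustration. Note that 8.2.1 is a patched release on the 8.x branch even though it sorts below 9.3.1, so the comparison has to be made per branch.

```python
# From the article: fixed releases and the service name the malware registers.
FIXED_BY_BRANCH = {8: (8, 2, 1), 9: (9, 3, 1)}
MALICIOUS_SERVICE = "Remote Access Connection Locator"


def parse_version(text):
    """Turn '9.3' or '8.2.1' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def reader_needs_update(version_text):
    """True if the version predates the fixed release for its branch."""
    version = parse_version(version_text)
    major = version[0]
    if major in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[major]
    # Branches older than 8.x predate 8.2.1; newer branches postdate 9.3.1.
    return major < min(FIXED_BY_BRANCH)


def triage(hosts):
    """Return {host: [findings]} for hosts with at least one finding."""
    report = {}
    for host in hosts:
        findings = []
        if host.get("reader_version") and reader_needs_update(host["reader_version"]):
            findings.append("reader_outdated")
        services = {s.strip().casefold() for s in host.get("services", [])}
        if MALICIOUS_SERVICE.casefold() in services:
            findings.append("suspicious_service")
        if findings:
            report[host["name"]] = findings
    return report


# Constructed inventory records (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = [
    {"name": "ws-01", "reader_version": "9.3.0", "services": ["Print Spooler"]},
    {"name": "ws-02", "reader_version": "8.2.1", "services": ["Remote Access Connection Manager"]},
    {"name": "ws-03", "reader_version": "9.3.1", "services": ["remote access connection locator"]},
    {"name": "ws-04", "reader_version": "8.1.7", "services": ["Remote Access Connection Locator "]},
    {"name": "ws-05", "reader_version": None, "services": []},
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_INVENTORY).items():
        print(name, ", ".join(findings))
```

The exact-name match deliberately ignores the legitimate Windows service "Remote Access Connection Manager" on ws-02, which the malicious display name resembles.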
