The recent passing of the Korean leader Kim Jong-il was picked up by most of the news publications around the world, and because it's still a hot subject, cybercriminals have begun relying on it to spread their malicious files.
An email sample provided by Trend Micro quotes a CNN headline that refers to the death of Kim Jong-il at the age of 69 as a result of a heart attack.
While the message is simple, the attachment that comes with the email promises a “brief introduction of Kim Jong Il.”
When opened, the apparently harmless PDF file displays some information and a picture of the ruler, but in reality it also hides a Trojan identified as Troj_Pidief.egq. Troj_Pidief.egq drops another malicious file detected as BKDR_FYNLOS.A, a backdoor that connects to C&C servers in order to receive data that enable it to perform a wide range of commands such as downloading, uploading, and executing files and shell commands.
The subject and the pieces of malware that come with the email may differ from one variant to another, but they all have the same purpose.
This is not the first time that the death of a renowned public figure has been used by cybercriminals to launch their malicious operations. The same thing happened with Steve Jobs, Osama bin Laden, Muammar Gaddafi and other famous people.
This is why users who want to find out more about the death of Kim Jong-il are advised to check out stories published by trusted websites instead of clicking on links or attachments received via email.
Finally, I want to point out that the Trojan makes use of some old vulnerabilities found in the 9.4 and prior versions of Adobe Reader, which only highlights the importance of updates. Unfortunately, most people fail to update their products in time, allowing hackers to easily infect their computers.