Page: Critical Limited Edition Malware Targets Defense Industry

The attack starts with a legitimate-looking PDF file

By on September 13th, 2012 09:18 GMT

Researchers have analyzed an interesting piece of malware called Page. They have found that the critical limited edition malware is masqueraded as a PDF file and sent out to companies from the aviation defense industry.

When victims open the apparently-innocent PDF file, they’re presented with an invitation to an upcoming industry event – a fact which clearly shows that the attacks are designed to specifically target the defense sector.

In the meantime, while the user unsuspectingly views the invitation, a vulnerability in collab.hetlcon() is exploited to create and execute a file.

Once it is executed, the file drops a DLL, which opens a backdoor at TCP port 49163 and initiates network communications, Fire Eye experts have explained in a blog post.

While there’s nothing really innovative in the way this malware works, it’s a clear indication that cybercriminals are focusing their efforts on penetrating organizations from the defense industry.


Decoy PDF document used in Page malware attacks
   Decoy PDF document used in Page malware attacks