Jul 18, 2011 20:11 GMT

Security researchers from F-Secure have spotted a new PDF-based email attack that appears to target people working in the defense industry.

According to the Finnish antivirus vendor, the attack was intercepted last week and is still ongoing. It uses the 2012 AIAA Strategic and Tactical Missile Systems Conference as a lure.

The emails distribute a malicious PDF file that claims to be a call for papers for the renowned defense industry conference classified as SECRET.

"When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe. This is a backdoor that connects back to the attacker," F-Secure's chief research officer Mikko Hypponen said.

According to a scan on VirusTotal, the malicious PDF file still has a low detection rate, with only 15 out of 43 antivirus engines detecting it.

After the exploitation occurs, a non-malicious PDF file about the call for papers is opened on the computer in order to distract the user and avoid raising suspicion.

The exact target of this attack is not known by F-Secure, but judging by its characteristics, it's most likely someone in the defense industry, possibly a military contractor.

In this type of attack, the emails are crafted to appear as originating from individuals or organizations trusted by the targets, sometimes their bosses or work colleagues.

Such attacks are relatively common and have a good rate of success. For example, the security breach at RSA earlier this year, which eventually forced the company to replace all SecurID tokens, started with a similar email sent to an employee.

The best protection against targeted attacks is not achieved by investing in expensive and sophisticated detection systems, but by performing employee training. Learning to check for and spot spoofed email messages can go a long way toward stopping such attacks.