UPDATED 13:56 EST / DECEMBER 20 2011

Kim Jong-il Malware Discovered Roaming the Wild

From the that-didn’t-take-long department, the recent death of North Korean dictator Kim Jong-il has taken its predicted path through social media and spawned malicious spam that uses PDF exploits to infect computers with a Trojan.

Researchers at TrendLabs discovered the spammed messages in their inboxes with subjects mentioning the death of Kim Jong-il.

The messages arrive with a PDF file attachment named brief_introduction_of_kim-jong-il.pdf.pdf. According to the brief, the Trojan is detected as TROJ_PIDIEF.EGQ. While attempting to infect the victim’s computer, it opens a non-infected PDF with an image of the late world leader and the headline, “N Korean leader Kim Jong-il dies.”

Aside from this particular spam attack, we’ve also encountered malicious documents which bear file names mentioning the late Korean leader. One of the files we saw has the file name Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc and is now detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, one detected as BKDR_PCCLIEN.BQD. BKDR_PCCLIEN.BQD connects to its C&C server through port 8000.

It is unknown at this time what PDF exploit the TROJ_PIDIEF.EGQ Trojan uses to compromise victim systems; but just to be on the safe side, we advise everyone to update their Adobe Reader PDF viewer and antivirus definitions for the upcoming Christmas holidays. Adobe recently released a hotfix for several

In the rough-and-tumble world of malicious spam and malware, the death of a celebrity often sends cybercriminals jumping on the bandwagon to exploit people’s desire for news on the subject. As a result, as the death trends on media such as Facebook, Twitter, and G+, malware makers get to work fashioning plausible-looking e-mails and links to spread on those networks. We’ve seen this with the death of Amy Winehouse, when Osama bin Laden was killed by US forces, and even after the passing of Apple’s once-and-future CEO Steve Jobs.

Always be on the lookout for strange, but enticing, documents received from untrusted sources—and also potentially from trusted sources. Always scan documents coming in from e-mail, especially if they’re about recent events and come in formats that often contain exploits such as PDF, Flash, and Word documents.

Most news about Kim Jong-il or any other celebrity death will probably come through news media and in the plain text of e-mails; rich media documents sent via e-mail are a common and obvious vector for malware.
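
The following Python example is added here and is not code from TrendLabs or the original article: it parses a message and holds attachments for scanning when they use the document formats named above, carry a doubled extension like the .pdf.pdf lure, or match a news watchlist. The watchlist term, the reason labels, the example.com addresses and the agenda.txt attachment are assumptions, and the sample message is constructed with harmless placeholder bodies.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Formats the article names as frequent exploit carriers: PDF, Flash, Word.
RISKY_EXT = {"pdf", "swf", "doc", "docx"}
# Assumption: an analyst-maintained watchlist of trending news terms.
LURE_TERMS = ("kim jong il",)

def _norm(text):
    """Lowercase and collapse punctuation/underscores so name variants match."""
    return re.sub(r"[\W_]+", " ", text.lower()).strip()

def triage(raw, lure_terms=LURE_TERMS):
    """Return {filename: [reasons]} for attachments to hold for scanning."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = _norm(msg["Subject"] or "")
    held = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        reasons = []
        if len(pieces) > 1 and pieces[-1] in RISKY_EXT:
            reasons.append("risky-format")
        # A document extension before the final one, e.g. ".pdf.pdf".
        if len(pieces) > 2 and pieces[-2] in RISKY_EXT:
            reasons.append("double-extension")
        # A news lure only escalates attachments already held by format.
        if reasons and any(t in subject or t in _norm(name) for t in lure_terms):
            reasons.append("news-lure")
        if reasons:
            held[name] = reasons
    return held

def build_sample():
    """Constructed message using the two file names quoted in the article."""
    m = EmailMessage()
    m["Subject"] = "N Korean leader Kim Jong-il dies"
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m.set_content("See attached brief.")
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="brief_introduction_of_kim-jong-il.pdf.pdf")
    m.add_attachment(b"placeholder", maintype="application", subtype="msword",
                     filename="Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc")
    m.add_attachment("meeting notes", filename="agenda.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for fname, why in triage(build_sample()).items():
        print(fname, why)
```

Held attachments would then go to the antivirus or sandbox scan the article recommends; the heuristics only decide what to hold, not whether a file is malicious.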

