Just another Informatin of Virus
H1N1 Themed Targeted Attack
30May2009 Filed under: f-secure News Author: adminThe ˑN1, formerly known as swine, flu continues to make headlines… though the trends peaked earlier this month.
And while there hasn′t been widespread use of ˑN1 themes for malicious attacks, we have seen some limited use. Here’s something that our honeypots collected last week.
It’s a malicious PDF file (that’s nothing new).
When the PDF is opened, it exploits Adobe Reader, drops a backdoor, and shows a file referring to H1N1 flu.
Here’s a screenshot.
What happens behind the scenes? The exploit drops a malicious file called “AcrRd32.exe” into the computer’s temp folder.
The malicious file connects to three IP addresses in order to “call home”. These addresses are, or were, in Texas (207.200.45.12), Budapest (89.223.181.93) and Hyderabad (202.53.69.130).
The individuals targeted by this attack are unknown to us.
On 25/05/09 At 01:02 PM
- Tags: Adobe Reader, Backdoor, Budapest, Exploit, Flu, H1n1, Headlines, Honeypots, Hyderabad, Ip Addresses, Malicious Attacks, Pdf File, Screenshot, Swine Flu, Temp Folder, Themes
2 Responses to “H1N1 Themed Targeted Attack”
Leave a reply
About this blog
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Quisque sed felis. Aliquam sit amet felis. Mauris semper, velit semper laoreet dictum, quam diam dictum urna, nec placerat elit nisl in quam. Etiam augue pede, molestie eget, rhoncus at, convallis ut, eros. Aliquam pharetra. Nulla in tellus eget odio sagittis blandit. Maecenas at nisl. Nullam lorem mi, eleifend a, fringilla vel, semper at, ligula. Mauris eu wisi.
arthritisremedy
July 18th, 2009 at 2:55 pm
i always advice my kids to wear face masks when going into crowded areas. swine flu is really scary and i dont want my kids getting infected by it.
acne therapy
July 25th, 2009 at 12:08 pm
I have a relative who got the Swine Flu in Mexico. It is a good thing that he already recovered from this disease.