Malware Attack Disguised as China World Expo

Hackers are exploiting the upcoming Shanghai World Expo (1 May - 31 October 2010) to circulate malware. The alert message was sent by a reporters' group in China.

According to the report, the mail appears to have come from the Expo news office. However, it was not sent by the Expo.

The security company Trend Micro detected the harmful attachment in the scam mail as TROJ_PIDIEF.ACV. Reportedly, this .PDF file abuses a known vulnerability in Adobe Acrobat and Reader. This particular flaw was patched in mid-February 2010, but attacks exploiting the same vulnerability were reported again in March 2010.
However, the technique used to exploit this vulnerability differs from the one used earlier in 2010. Rajiv Motwani, a researcher at Trend Micro, says that these .PDF files carry an attached harmful .TIFF (Tag Image File Format) file. TIFF is a popular image format used for storing high-quality images, according to the TrendLabs Malware Blog on March 25, 2010.

When processed by Adobe products that have the aforementioned vulnerability, the attached .TIFF file triggers the flaw and the execution of arbitrary code. This time, a backdoor, detected by Trend Micro as BKDR_RIPINIP.I, is dropped and run on the targeted system.

According to the reporters' advocacy group, the attack can hit journalists who wished to cover the event. Indeed, one of the versions of the mail sent by a hacker to IDG News Service directly targeted people who had filled in a spreadsheet to register for the Expo.

The security firm stated that .pdf attachments are a common type of attack and that antivirus software is not able to detect the kinds of malware involved. On the afternoon of March 25, 2010, in China, Kaspersky was the only vendor out of 42 examined by VirusTotal that flagged the file in the fake Expo mail as harmful.

Further, the security experts claim that there was no concrete proof to indicate that the mail sent to foreign journalists had any link with the government. But it is said that the mail might be tied to the attacks that hit Google in January 2010 and targeted human rights activists.


» SPAMfighter News - 4/5/2010
