Spam Campaign following Kim Jong-il’s Demise Serves Malware
The telecommunications regulator of South Korea has warned that a malicious spam campaign is striking users' mailboxes, capitalizing on the death of Kim Jong-il, who was general secretary of the Workers' Party of Korea in North Korea. Help Net Security published this on December 20, 2011.
Security investigators discovered spam e-mails with captions referring to the North Korean leader Kim Jong-il's demise. The e-mails carry a .pdf file as an attachment, named brief_introduction_of_kim-jong-il.pdf.pdf, which is actually malicious and has been identified as TROJ_PIDIEF.EGQ.
Moreover, when downloaded and run, it produces a non-malicious PDF file containing information about and a picture of the deceased leader, so that the actual activity of the malicious PDF is concealed on the user's PC.
Although the spam e-mails' behavior hasn't been described in detail, cyber-attackers typically abuse news events by embedding harmful web-links or by adding malware to e-mail attachments, while promising more information or exclusive content.
The investigators suggested that if any web-link appears doubtful, users should instead navigate to a highly regarded news website.
In addition, the regulator warned of hacks and other online attacks, such as e-mails about Kim's death sent by unknown Internet users.
Kim's seemingly serene death is unlikely to have shock appeal; still, people should look out for web-links that appear in Google search results or on Facebook and claim to show exclusive photos of Kim's laid-out body, the imported liquor in his collection, or the so-called crowd of mistresses he maintained.
Similarly, fake Twitter or Google web-links about Kim may lead to sites hosting harmful "drive-by downloads" capable of infecting computers, while fake Facebook web-links may compromise users' friends lists or similar 'Like' buttons, thereby spreading the spam campaign even further.
More generally, the cold conflict between North and South Korea is evident: NK may have carried out several attacks against SK government and American defense sites during March 2011. The means employed, a multi-layered botnet structure, encryption-enabled malware, and DDoS, weren't unusual, but the way they were used in the attacks seemingly shows the hackers testing cyber-weapons while also watching SK's capability to respond.
» SPAMfighter News - 27-12-2011