Mandiant’s Report Manipulated and Utilized within Phishing Scams

Mandiant, a security company cautions that cyber-criminals are using dual malevolent editions of its just-published report on Advanced Persistent Threats (APT1) to act as baits within 2 separate phishing e-mail scams.

One of these scams that Symantec identified works through an e-mail being crafted within Japanese language. It has an attachment (Mandiant.pdf), which when viewed shows an empty PDF document while runs an exploit to abuse a code execution flaw from afar that's in Adobe Reader or Acrobat, with the flaw already patched recently.

Joji Hamada, Security Expert at Symantec states that his organization's examination shows that the exploit isn't capable of planting malware on any target PC. However, there probably are more variants which may effectively do so, he conjectures. Help Net Security published this dated February 22, 2013.

Moreover according to Symantec, an e-mail is noteworthy whose text in Japanese poses as communication from a media person and carries a PDF file -a bogus Mandiant report- as attachment.

The original report by Mandiant referred to one building in China's Shanghai district that according to the company, a government-backed Internet-spying gang operated. Having the nomenclature APT1, the gang of computer-intruders had attacked government agencies and business organizations in USA. Also, the IP addresses of APT1 being numerous, the actual place where the operators were based and the language they used, both got betrayed, Mandiant notes.

The other scam spotted, on 21st February 2013, aims at Chinese-speaking Internauts, while features one sinister attachment - Mandiant_APT2_Report.pdf.

Security Intelligence Engineer Brandon Dixon at VeriSign after studying the PDF attachment said the file abused one earlier Adobe Reader security hole which was plugged during 2011. Infoworld.com published this dated February 22, 2013.

Owing to that flaw's exploitation, Dixon said the malware planted onto the target PC contacted a domain, which led onto a Chinese-server. It also enabled attackers to remotely issue instructions to the affected system.

The domain contacted was additionally utilized within earlier attacks, which aimed at Tibetan activists, stated Chief Technology Officer Aviv Raff at Seculert another security company. Those earlier assaults planted both Mac OS X and Windows malicious software, he added. Infoworld.com published this.

Related article: Mountain West Bank Consumers Targeted by Phishing Scam

» SPAMfighter News - 2/28/2013