U.S. military contractors targeted with malicious PDFs
Posted on 19.07.2011
The last few months have seen a lot of cyber attacks aimed at U.S. military contractors and they are still ongoing.

F-Secure researchers have recently spotted an email obviously directed at military contractors' employees, which contains a malicious .pdf attachment.

"When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe," they explain. "This is a backdoor that connects back to the attacker, who is waiting at IP addresses 59.7.56.50 and 59.19.181.130."

In order to keep the recipient from suspecting foul play, the file then opens a legitimate-looking call for papers for a conference:


It is known that the RSA hack was executed in order to compromise its SecurID tokens, widely used by a great number of companies that do business with the government. But, as this example shows, there are easier ways to gain access to their computers.






Spotlight

Hope is not a strategy, we need more healthy paranoia

35 percent of security experts believe leadership within their organization lacks a healthy paranoia, with 21 percent of leadership "relying on hope as a strategy" to avoid a cyber security breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Aug 31st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //