{"id":72342,"date":"2012-01-03T12:45:39","date_gmt":"2012-01-03T12:45:39","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72342"},"modified":"2012-01-03T12:45:39","modified_gmt":"2012-01-03T12:45:39","slug":"indian-cyberspace-hit-by-kim-jong-ii-malware-mails","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/indian-cyberspace-hit-by-kim-jong-ii-malware-mails\/","title":{"rendered":"Indian Cyberspace hit by Kim Jong-II Malware Mails!"},"content":{"rendered":"
\"\"
\nIt has been observed that cybercriminals are using the name of the North Korean leader Kim Jong-II after his death to target Internet users.
\nAttackers are achieving this by spamming malicious emails containing specially crafted PDF files named \u201cBriefintroductionofKim-Jong-il.pdf\u201d<\/strong><\/p>\n

This PDF file has been found to exploit CVE-2010-2883<\/a> and CVE-2010-3333<\/a> vulnerabilities in Adobe Acrobat reader.<\/p>\n

Once successfully exploited, it leads to remote code execution in the victim’s system.<\/p>\n

At the time of analysis we found this dll active in the system:
\n“Rundll32 %temp%com.dll,COMResModuleInstance”<\/p>\n

We also found connections attempts made to “c[xxxx]p.m[xxxx]u.com”.<\/p>\n

Quick Heal detects it as Trojan.BHO.btgg<\/strong><\/p>\n

We suggest that users apply these patches if they are using older versions of PDF Reader:
\nhttps:\/\/www.adobe.com\/support\/security\/bulletins\/apsb10-21.html<\/a>
\nhttps:\/\/www.adobe.com\/support\/security\/bulletins\/apsb11-08.html<\/a><\/p>\n

In addition we also suggest that users:<\/span>
\n-Do not visit untrusted websites.
\n-Do not click on any links or attachments in their mail.
\n-Do not disclose any financial or personal information asked in any of these mails.<\/div>\n","protected":false},"excerpt":{"rendered":"

It has been observed that cybercriminals are using the name of the North Korean leader Kim Jong-II after his death to target Internet users. Attackers are achieving this by spamming malicious emails containing specially crafted PDF files named \u201cBriefintroductionofKim-Jong-il.pdf\u201d This PDF file has been found to exploit CVE-2010-2883 and CVE-2010-3333 vulnerabilities in Adobe Acrobat reader. […]<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24,6],"tags":[22,23,37,38],"class_list":["post-72342","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","category-tips","tag-email-malware","tag-fraudulent-email","tag-security-update","tag-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72342"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72342"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72342\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}