PDF Attack May Target Defense Contractors

Wednesday, July 20, 2011 @ 01:07 PM gHale


A new PDF-based email attack appears to target people working in the defense industry, security researchers said.

Finnish antivirus vendor F-Secure discovered the attack last week, and it is still ongoing. It uses the 2012 AIAA Strategic and Tactical Missile Systems Conference as a lure.

The emails distribute a malicious PDF file that claims to be a call for papers for the renowned defense industry conference classified as SECRET.

“When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe. This is a backdoor that connects back to the attacker,” said F-Secure’s chief research officer Mikko Hypponen.

The best protection against targeted attacks does not come from investing in expensive and sophisticated detection systems, but from employee training. Learning to check for and spot spoofed email messages can go a long way toward stopping such attacks.

According to a scan on VirusTotal, the malicious PDF file still has a low detection rate, with only 15 out of 43 antivirus engines detecting it.
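With signature detection this low, a mail gateway or analyst can still check an attachment's structure for script that runs on open. The following Python sketch is an added example, not code from F-Secure or this article; the function names, the list of PDF names, the verdict thresholds and the sample bytes are all assumptions constructed for illustration.

```python
import re

# PDF name objects that indicate active content or embedded payloads.
# Assumed shortlist for this example; extend it to match local policy.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF permits inside names (/J#61vaScript)."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes. Names hidden inside compressed
    object streams are not visible to this scan."""
    counts = {name: 0 for name in RISKY_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """Script plus an automatic trigger is the pattern worth blocking outright."""
    script = counts["/JavaScript"] + counts["/JS"]
    auto = counts["/OpenAction"] + counts["/AA"]
    if script and auto:
        return "quarantine"
    if script or counts["/Launch"] or counts["/EmbeddedFile"]:
        return "review"
    return "pass"

# Constructed samples: skeletal PDF fragments, not real documents.
SAMPLE_ACTIVE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"%%EOF\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, sample in (("active", SAMPLE_ACTIVE), ("plain", SAMPLE_PLAIN)):
        print(label, verdict(triage_pdf(sample)))
```

A "pass" here only means no risky names appear in the uncompressed bytes, so it complements antivirus scanning rather than replacing it.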

After the exploitation occurs, a non-malicious PDF file about the call for papers opens on the computer in order to distract the user and avoid raising suspicion.

While F-Secure does not know the exact target of this attack, it said that, judging by the attack's characteristics, the target is most likely someone in the defense industry, possibly a military contractor.

In these types of attacks, the emails appear to originate from individuals or organizations trusted by the targets, sometimes their bosses or work colleagues.

Such attacks are relatively common and have a good rate of success. For example, the security breach at RSA earlier this year, which eventually forced the company to replace all SecurID tokens, started with a similar email sent to an employee.


