Monday, 25 January 2010

China hacks used as lure for more targeted attacks

By Jaikumar Vijayan
Computerworld
January 22, 2010

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user's machine.

A screen shot posted on F-Secure's Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header 'Chinese cyberattack,' offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user's system, F-Secure said. The flaw was patched by Adobe last week.

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News