NEWS FROM THE LAB - Thursday, June 9, 2011

ISSA Event on June 9th

Posted by Mikko @ 17:34 GMT

We spotted this malicious PDF file today.

When opened, the PDF (md5: 20ecffdc2ecea0fbe113502bec0c938c) uses a known Adobe Reader exploit to drop a backdoor to the system. While dropping the backdoor, it displays this PDF on-screen to fool the user into believing everything is okay.


The bait PDF talks about an Information Systems Security Association event in Alabama on the 9th of June, 2011. Which is today.

The backdoor connects to a server at, which is somewhere in South Korea.

We don't know who was the target of this targeted attack.

Updated to add: Funnily enough, here's a good presentation from Northern Alabama's ISSA event, focusing on malicious PDF files.