Nobel Peace Prize invitation hides PDF Trojan


Nobel Peace Prize invitation hides PDF Trojan

Ron Condon

If you receive an email inviting you to Oslo to see the Chinese dissident Liu Xiaobo receive his Nobel Peace Prize in December, don't open the PDF attachment.

Mikko Hyppönen, chief research officer at Helsinki-based antivirus vendor F-Secure Corp., said the attachment contains a PDF Trojan that targets an Adobe Reader vulnerability.

Hyppönen said the spoofed message purports to come from the Oslo Freedom Forum and contains a very convincing invitation. Security researchers have not yet determined who sent the attack or who the intended target, or targets, might be.

If the file invitation.pdf is opened, it uses an exploit (Exploit.PDF-TTF.Gen) to crash Adobe Reader, Hyppönen wrote in a F-Secure blog entry. It then drops a backdoor (Trojan.Generic.4974556) to the system, which attempts to contact a command-and-control server to download additional malware and instructions.

Adobe Systems Inc. has been the favourite target of attackers who use PDF Trojan attachments in email as well as drive-by attack websites to target zero-day vulnerabilities and users who haven't fully patched their software. In addition, attackers are increasingly targeting Adobe Flash, a browser component.

Liu Xiaobo will not be in Oslo to receive the Nobel Peace Prize as he is serving an 11-year jail sentence in China for his activities in campaigning for human rights in China. His lawyer was also prevented from leaving China because, it is believed, the Chinese authorities feared he would be collecting the prize on his client's behalf.

The latest email attack builds on growing interest in his case, and follows an incident two weeks ago, when the Nobel Peace Prize website was hacked with a zero-day attack against Firefox.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy