This malicious file exploits a vulnerability in old versions of Adobe applications when the e-mail attachment is opened.
Adobe released a security notice about this issue on April 11, 2011; users of Adobe products need to be careful when using those applications.
2. Spreading path and symptoms of infection
Currently, this malicious file is an MS Office .DOC file named "Disentangling Industrial Policy and Competition Policy.doc", and it contains an SWF file inside.
The following figure shows the attached DOC file. It can also spread under a different file name.
When you open this document file, you see the title "Disentangling Industrial Policy and Competition Policy in China".
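Since the file name can change, a content check for the embedded SWF is more dependable than matching on the name. The following is an added example, not part of the original advisory: it scans raw document bytes for SWF headers ("FWS" or "CWS") and validates the version byte and declared length. The function names, the size and version bounds, and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

MAX_VERSION = 50          # assumption: sanity bound on the SWF version byte
MAX_DECLARED = 64 << 20   # assumption: ignore headers claiming more than 64 MiB

def _check_header(data, pos, sig):
    """Validate the 8-byte SWF header at pos; return a hit tuple or None."""
    if pos + 8 > len(data):
        return None
    version = data[pos + 3]
    (length,) = struct.unpack_from("<I", data, pos + 4)  # uncompressed file length
    if not 1 <= version <= MAX_VERSION or not 8 <= length <= MAX_DECLARED:
        return None
    if sig == b"FWS":
        # Uncompressed movie: the whole file must fit in the bytes that follow.
        if length > len(data) - pos:
            return None
    else:
        # CWS: everything after the header is a single zlib stream.
        try:
            body = zlib.decompressobj().decompress(data[pos + 8:], length)
        except zlib.error:
            return None
        if len(body) != length - 8:
            return None
    return (pos, sig.decode(), version, length)

def find_embedded_swf(data):
    """Return sorted (offset, signature, version, declared_length) hits."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            hit = _check_header(data, pos, sig)
            if hit:
                hits.append(hit)
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def make_swf(sig, version, body):
    """Build a constructed SWF-shaped blob (only the header is meaningful)."""
    payload = zlib.compress(body) if sig == b"CWS" else body
    return sig + bytes([version]) + struct.pack("<I", 8 + len(body)) + payload

# Constructed sample: OLE2 magic, padding, a compressed SWF, then decoy text.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
SAMPLE = OLE_MAGIC + bytes(504) + make_swf(b"CWS", 10, bytes(64)) + b" FWS is just text"

if __name__ == "__main__":
    for hit in find_embedded_swf(SAMPLE):
        print("embedded SWF at offset %d: %s v%d, %d bytes declared" % hit)
```

A raw byte scan can miss a movie whose stream is fragmented across OLE sectors; parsing the compound file into streams first closes that gap.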
Once executed, the malicious file creates another malicious file in the following path and replaces the normal "mspmsnsv.dll" file with a malicious DLL.
* Comparison between normal mspmsnsv.dll and malicious mspmsnsv.dll
Furthermore, it creates additional files, some of which contain certain system process information from the user's PC.
3. How to prevent
Because the malicious file spreads through social engineering, a general user can hardly notice that anything has happened on their PC.
To use a PC safely despite the security threats posed by these malicious attachments, we recommend the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above, and runs a response system against various security threats.