Its icon and extension is well manipulated as a normal image file, and it shows Kim Jong Il related images on executing.
Therefore, general users can hardly notice about its being infected.
With the death of Kim Jong Il, a bunch of malicious files are up in these days.
December 20, 2011, INCA Internet's Emergency Response Team detected various malicious files related his death.
If a user clicks that file and executes malicious attachment, that user can be infected by malicious file.
With it, various phishing can be generated; therefore, users need to be careful on execute unofficial and suspicious news, image file, video clip and shorten URL.
Especially, various attachments including(PDF, DOC, HWP, PPT, ZIP, EXE, and SCR) can be malicious.
2. Spreading path and symptoms of infection
INCA Internet's Emergency Response Team has found another malicious file disguised the pic of Kim Jong Il.
This malicious file is disguised as a picture of Kim Jong Il unlike previous malicious file used PDF, DOC vulnerability.
Besides, its file name can rise up Kim Jong-il.
First, it creates Update.exe in Application Data folder with hidden property, then it creates Kim Jong-il.jpg in the same path of executed malicious Kim Jong-il.jpg.scr.
Then it creates MSN Talk Start.lnk on startup, finally it removes Kim Jong-il.jpg.scr and it pretend that it isn't malicious.
This malicious tries to access certain host, and it installs malicious files such as Kserver.exe, kserver.dll on Recycle Bin folder.
Those two files are remote command Backdoor Server files, and attacker can get the permission of all administrators on victim's PC and can monitor.
3. How to prevent
To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.