[Warning] Additional malicious file disguised as the pic of Kim Jong Il (Update #1)

1. Introduction

INCA Internet's Emergency Response Team has detected a malicious file disguised as a picture of Kim Jong Il.
Its icon and extension are manipulated to look like those of a normal image file, and it displays Kim Jong Il related images when executed.
As a result, general users can hardly notice that they have been infected.
Since the death of Kim Jong Il, a number of malicious files have been appearing.

On December 20, 2011, INCA Internet's Emergency Response Team detected various malicious files related to his death.

If a user clicks such a file and executes the malicious attachment, that user can be infected.

[Warning] Kim Jong Il Malicious scam is spreading

[Caution] Malicious file is spreading via a Korean entertainer's porn video file.

Various phishing attacks can also be built around this event; users therefore need to be careful about opening unofficial or suspicious news, image files, video clips and shortened URLs.

In particular, various attachments (including PDF, DOC, HWP, PPT, ZIP, EXE, and SCR) can be malicious.

2. Spreading path and symptoms of infection

INCA Internet's Emergency Response Team has found another malicious file disguised as a picture of Kim Jong Il.
Unlike the previous malicious files, which used PDF and DOC vulnerabilities, this one is disguised as a picture of Kim Jong Il.

It uses the default JPG icon, and its real extension becomes visible when "Hide protected operating system files (Recommended)" is unchecked. The real extension is SCR, which is the extension used for screen savers.

In addition, its file name evokes Kim Jong-il.

Users are infected when they execute it.

First, it creates Update.exe, with the hidden attribute set, in the Application Data folder; it then creates Kim Jong-il.jpg in the same path as the executed malicious Kim Jong-il.jpg.scr.

It then creates MSN Talk Start.lnk in Startup, and finally it removes Kim Jong-il.jpg.scr so that it appears not to be malicious.

The malware tries to access a certain host, and it installs malicious files such as Kserver.exe and kserver.dll in the Recycle Bin folder.

Those two files are remote-command backdoor server files; the attacker can obtain full administrator permissions on the victim's PC and monitor it.
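
The following is an added triage example, not code from INCA Internet: it flags file names that hide an executable extension behind a decoy one (as Kim Jong-il.jpg.scr does) and matches a file listing against the artifacts named above. It generalizes beyond this sample to other decoy/executable extension pairs and to padding between the two extensions; the extension sets, the folder keywords and the sample listing are assumptions constructed for illustration.

```python
import ntpath

# Extensions Windows runs directly; the sample on this page used .scr.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".lnk"}
# Extensions users read as harmless content (the decoy half of the name).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".hwp", ".ppt", ".zip"}

# Artifacts named above: (file name, keyword expected in its folder path).
# The folder keywords are assumptions; the page gives no full paths.
PAGE_ARTIFACTS = [
    ("update.exe", "application data"),
    ("msn talk start.lnk", "startup"),
    ("kserver.exe", "recycle"),
    ("kserver.dll", "recycle"),
]

# Constructed sample listing for illustration, not data from the report.
SAMPLE_LISTING = [
    r"C:\Documents and Settings\user\Desktop\Kim Jong-il.jpg.scr",
    r"C:\Documents and Settings\user\Desktop\holiday.jpg",
    r"C:\Documents and Settings\user\Application Data\Update.exe",
    r"C:\Documents and Settings\user\Start Menu\Programs\Startup\MSN Talk Start.lnk",
    r"C:\RECYCLER\Kserver.exe",
    r"C:\RECYCLER\kserver.dll",
    r"C:\Program Files\Vendor\Update.exe",
]


def is_disguised_executable(path):
    """True when an executable extension follows a decoy content extension."""
    # Windows ignores trailing dots and spaces in file names.
    name = ntpath.basename(path).rstrip(" .").lower()
    stem, real_ext = ntpath.splitext(name)
    if real_ext not in EXECUTABLE_EXTS:
        return False
    # Drop padding inserted between the decoy and the real extension.
    _, decoy_ext = ntpath.splitext(stem.rstrip(" ._"))
    return decoy_ext in DECOY_EXTS


def match_page_artifacts(paths):
    """Return paths whose file name and folder match an artifact above."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if any(name == f and key in folder for f, key in PAGE_ARTIFACTS):
            hits.append(path)
    return hits
```

Run over SAMPLE_LISTING, only the .jpg.scr entry is flagged as disguised, and the Update.exe under Program Files is not reported as an artifact because its folder does not match.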

* Update 2011. 12. 21

We found the malicious file "The Death of North Korea's Kim Jong Il.pdf" and added a pattern for it to our nProtect Anti-Virus.

3. How to prevent

To keep your PC safe from the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" below for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mail.
4. Be cautious with links from instant messengers and SNS.
5. Execute downloaded files only after scanning them with anti-virus software.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.

