[Warning] Kim Jong Il Malicious scam is spreading(Update #3)

1. Introduction

The news of the death of North Korean leader Kim Jong Il was big issue on December 17.
According to this news, various related news and spreading malicious file with social engineering can be happened.
With this reason, INCA Internet's Emergency Response Team has been being concentrated on monitoring.
Various types of malicious file including a Korean entertainer's porn, the death of Steve Jobs, the death of Gadaffi, and so on.

[Caution]Malicious file is spreading via a Korean entertainer's porn video file.


Because social engineering, a classic technique, uses social issue to spreading malicious file, users need to be careful on using internet.

2. Real cases

INCA Internet's Emergency Response Team found the scam for AD with his remains and fortify our detecting level.

Following figure is a capture of blog. The title was "Body analysis of Kim Jong-il" and uploaded attached pics and video files.

However, this video file is NOT REAL. It was just a jpg file and has link to certain URL. This way is very simple but it can be clicked easily.

Following figure is a one of YouTube pages, someone posted reply and user can click that link.
Various videos have been found so far.

To click the link, URL will be redirected to certain page, which leads user to install certain program for playing video file.

To click start, you can download ClickPotato.

Not only this AD, malicious e-mail including malicious file has been found.

Title :
N Korean leader Kim Jong-il dies

Body :
[CNN]North Korean leader Kim Jong-il has died of a heart attack at the age of 69, state media have announced.

Attachment :

2 types of file names have been found. One contains vulnerability in PDF and another contains vulnerability in RTF. We sent both samples to KISA(Korea Information Security Agency) and have cooperated for cybercrime.

Vulnerability in PDF used Win32.CVE-2010-2883, CVE-2011-0611 exploit; therefore, Adobe Reader can be safe with update latest security path.

DOC file structure is same as real RTF file, and it used RTF Stack Buffer Overflow (CVE-2010-3333) exploit.

Brief introduction of Kim Jong-il.pdf
Kim Jong-ils death affects N. Koreas nuclear programs.doc

Following figure is executed malicious PDF file. But it looks like real one.

When vulnerability of PDF document works, it will secretly download and execute malicious and normal PDF files disguised as a Google update related file on User's Local Settings folder.

fabc.scr and abc.scr are different within 5 bytes.
Adding Hex values(4D, 5A, 20, 0D, 0A) on fabc.scr will be abc.src, and log1.txt has the difference.

abc.src will be removed after it creates another malicious file and GoogleUpdate.exe on same folder.

C:\Documents and Settings\(User name)\Local Settings\Application Data\GoogleUpdate.exe

This malicious file is trying to access certain host and it can perform malicious behavior with attacker's command.

INCA Internet's Emergency Response Team collected these malicious file and update is completed.

3. Finishing

Inducing users to click URL or fake video file image is a usual technique of social enginnering. To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.


  1. Stuck on writing an expository essay? Can't pick a topic? Take a look at some great expository essay topics here, guys!

  2. INCA Internet's Emergency Response Team collected these malicious file and update is completed....

  3. This is also a very good post which I really enjoyed reading. It is not everyday that I have the possibility to see something like this.

    go movies

  4. I finally found great post here.I will get back here. I just added your blog to my bookmark sites. thanks run 3

  5. I understand what you bring it very meaningful and useful, thanks.
    five nights at freddy's

  6. Thanks for the information you shared

  7. Thank you very much for these great cake recipes, I have learned a lot from your web blog

  8. Thank for your writting. You have made it very clear that the problem is happening. I really like your way of thinking

  9. Your thoughts are very deep, I feel it has many meanings and humanities
    read manga online

  10. The experts of Myassignmenthelp Australia are not only proficient in writing the analysis assignments, but they are also comfortable with other genres of assignment writing.
    Students always come to us and ask to do my assignment for me. For all sorts of assignment help services, our experts are capable enough to do your assignment online. Students will always get plagiarism-free papers from this service. All these utilities are available at reasonable prices.
    Essayassignmenthelp.com.au also provides urgent assignment help service to the students through which the students can get assignments within a few hours from placement of the order. This service is especially useful when the students are required to get their essays done immediately.

  11. Our team is continue working for the students to give them best service online, we are offering top service of thesis topics ideas so students can get it from the studentsassignmenthelp. We are every day working to give our services that's we are having best writer, our experts are continue working 24x7. So students can easily take all the services always.

  12. Thank you for sharing this. The blog is very informative. We also provide affordable Accounting Assignment Help in uk.

  13. Good source of information! Your post shares all information of the Assignment Help in a detailed manner. If you want to place your order for assignment completion, browse the website greatassignmenthelp to connect with the highly experienced writers.
    Assignment Help Online
    Online Assignment Help
    Assignment Help Online Services
    Assignment Helper
    Assignment Assistance
    Assignment Help Experts
    Online Assignment Help Services

  14. Nice Post! When you are facing technical errors related to Quicken, our technical experts are technically experienced for solving common quicken problems in very nominal charges. We are technically known for solving all technical issues related to Quicken. Our Quicken Help is open 24 hours to provide instant solutions for any difficulty.
    Quicken Customer Service
    Quicken Customer Service Phone Number
    Quicken Customer Service Number
    Quicken Customer Support Number
    Quicken Customer Support Phone Number
    Quicken Customer Support
    Quicken support Phone number
    Quicken Support Number
    Quicken support
    Quicken Error CC-501
    Quicken Error CC-502
    quicken error cc-503
    Quicken won't open
    quicken won't open after update

  15. Very nice!!! This is really good blog information thanks for sharing. We are a reliable third party Quickbooks software company, offering technical support for various types of technical errors.

  16. Thanks for your insight for your fantastic posting. I’m glad I have taken the time to see this
    red ball 4

  17. “Avail the assistance from our experts to eradicate Canon error code 5b00”
    To Resolve Canon Printer Error Code 5b00 is not such a difficult task for you if you come across an error, and particularly when the continuous ink systems are being installed all the time. These tend to push the printers to their very limits. The error encounters on the canon printers when the inkpad absorber has filled up with the ink. If you are also dealing with the same issue with your Canon printer, follow some given steps. First of all, turn off your printer, then hold the “Resume” button subsequent by holding the power button. Now, release the Resume and Power button. After that, Reset Counter Absorber and at last switch on your printer. If these steps won’t satisfy you, go for Canon Support to eradicate Canon error code 5b00. Dial our toll-free number and take assistance from our experts.
    Canon error code 5b00
    Canon B200 Error
    Canon Wireless Printer Setup
    Connect Canon Printer To Wi-Fi
    Canon printer offline

  18. Hi, I am anyageorge as an Office tech support executive well praised among the customer to help them in resolving their queries related to office setup. As problem or queries can turn up at anytime so you should be ready for it, just visit office.com/setup and download the latest office setup. While doing so if you come across any difficulty then you can make connection with me.


  19. With an aim to get excellent quality prints, I bring HP Printer into play and in my office. And you won’t believe I got the outstanding results from my HP printer. Truly HP printers are the value for money devices. But, from last weekend I started to face quite a lot of nasty errors while printing with my HP printer. Therefore, I am looking to create HP Printer Setup once again in my computer system. Can someone please guide me towards the steps to create setup of my HP printer within my PC?

  20. I am using McAfee software from last couple of years to secure my computer system. I am completely satisfied with its user friendly interface and excellent shield protection. But, due to some surplus reasons, McAfee won’t open and therefore my system become vulnerable to virus attacks. Can someone guide me to get rid of this issue? I just want to resolve mcafee Antivirus issues so, please suggest me before long.

  21. Issues associated with the HP printer are haunting many users day by day, ever since they have upgraded their windows 10. Most of them are encountered the same issue in which their printer gets offline and unable to print. Basically, Epson Printer Offline issue or error message appears in the Windows when there is no connection between printer and computer. The reason behind your printer to go offline can be anything like faulty driver, USB cable is damage, printer settings, and many more. But, you don’t need to take tension as by taking guidance from the third party associates you can easily overcome this issue and once again be able to enjoy printing within your Epson printer.
    Epson Support

    Epson Printer Support


    Epson error code 0x10

  22. Very Nice Blog! This blog is totally informative about Assignment Help services. This blog gives the best ideas for college student about assignment writing services. Thanks for sharing this blog!
    Assignment Help Online
    Online Assignment Help
    Assignment Help Online Service
    Assignment Helper
    Assignment Assistance
    Assignment Help Experts

  23. Thanks for sharing such important information which is very useful .I really appreciate your way of work.
    123.hp.com/setup | HP Printer Assistant Software | 123.hp.com/Laserjet | 123.hp.com/envy5540

  24. Hi! When I read this blog. I'm quite impressed with this blog this is very informative and useful for me. . If need anyone My Assignment Help then contact our expert team. We have to provide high-quality assignment Help for students. Our expert team is available 24*7.


  25. I like your explanation of topic and ability to do work.I really found your post very interesting .
    BigPond email login