Because of the time difference, our team is strengthening its emergency monitoring for overseas spread.
In the midst of this atmosphere, we detected a malicious file disguised as a picture of Kim Jong Il's sister, Kim Kyung Hee.
Users therefore need to be careful when using the internet.
This malicious file also displays a picture of Kim Kyung Hee while secretly installing an additional malicious file. Since the death of Kim Jong Il, various types of malicious files have been emerging continuously.
INCA Internet Security Response Center's Emergency Response Team has detected several variants, and based on our analysis, the attackers appear to be trying to bypass anti-virus software.
In addition to the picture of her, we found another malicious file, disguised as a PDF file about the death of Kim Jong Il, on December 22, 2011.
The most notable feature of this case is its use of social engineering and social psychology. If a PC is infected by this kind of malicious file, it can be controlled by the attacker.
As malicious files related to Kim and his family continue to appear, general users need to be careful not to be lured by such files, whether they arrive through phishing, e-mail attachments, unofficial news, suspicious links, or shortened SNS URLs.
It was on December 20, 2011.
Be especially careful with attachments such as PDF, DOC, HWP, PPT, ZIP, EXE, or SCR.
2. Malicious file with a picture of Kim Kyung Hee
During our monitoring, our team detected another malicious file disguised as a picture of Kim Jong Il's sister.
When this malicious file, "Kim Kyung-hee.scr", is executed, it creates Kim Kyung-hee.jpg and msrt.exe in the Temp folder and runs them.
msrt.exe is a self-extracting RAR archive that extracts wship6.tmp and server.exe into the Local Settings folder. It then renames server.exe to chksrv.exe.
Because the user sees only the following image, the victim does not notice the infection.
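The drop chain described in this section can be hunted for in file-creation telemetry. The following Python is an added example, not INCA Internet's code: it flags any process that writes both a decoy image or document and an executable into a Temp folder, then lists what that executable wrote. The event format (process image, created file), the sample paths and the function name are assumptions made for this example.

```python
import ntpath

# File names taken from the analysis above.
PAGE_NAMES = {"kim kyung-hee.scr", "kim kyung-hee.jpg", "msrt.exe",
              "wship6.tmp", "server.exe", "chksrv.exe"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".hwp", ".ppt"}

def _ext(path):
    return ntpath.splitext(path)[1].lower()

def find_decoy_droppers(events):
    """events: (process_image, created_file) pairs from file-create telemetry
    (assumed format). Returns one finding per process that wrote a decoy and
    an .exe into a Temp folder, with the files that .exe wrote afterwards."""
    created = {}
    for proc, path in events:
        created.setdefault(proc.lower(), []).append(path)  # case-insensitive
    findings = []
    for proc, paths in created.items():
        in_temp = [p for p in paths if "\\temp\\" in p.lower()]
        decoys = [p for p in in_temp if _ext(p) in DECOY_EXT]
        stage1 = [p for p in in_temp if _ext(p) == ".exe"]
        if not (decoys and stage1):
            continue  # a decoy alone or an executable alone is not flagged
        # Follow the chain: everything the dropped executable wrote itself.
        stage2 = [f for s in stage1 for f in created.get(s.lower(), [])]
        names = {ntpath.basename(p).lower() for p in [proc, *paths, *stage2]}
        findings.append({"dropper": proc, "decoys": decoys, "stage1": stage1,
                         "stage2": stage2,
                         "page_names": sorted(names & PAGE_NAMES)})
    return findings

# Constructed sample telemetry (user name and directories are made up).
BASE = "C:\\Documents and Settings\\user\\Local Settings"
SAMPLE = [
    ("C:\\Downloads\\Kim Kyung-hee.scr", BASE + "\\Temp\\Kim Kyung-hee.jpg"),
    ("C:\\Downloads\\Kim Kyung-hee.scr", BASE + "\\Temp\\msrt.exe"),
    (BASE + "\\Temp\\msrt.exe", BASE + "\\wship6.tmp"),
    (BASE + "\\Temp\\msrt.exe", BASE + "\\server.exe"),
    ("C:\\Program Files\\Viewer\\viewer.exe", BASE + "\\Temp\\cache.jpg"),
]

if __name__ == "__main__":
    for finding in find_decoy_droppers(SAMPLE):
        print(finding)
```

The behavioural rule still fires if a variant changes its file names; `page_names` only reports which of the names from this analysis were also seen.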
3. How to prevent
To keep your PC safe from the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.
INCA Internet (Security Response Center / Emergency Response Team) runs a response system for various security threats.