The INCA Internet response team detected malicious files themed on Agni-V, an intercontinental ballistic missile developed by the Defense Research and Development Organization (DRDO) of India.
In particular, the file name is disguised to look as if the file was sent from DRDO, and the file appears to be part of an APT attack.
According to the DRDO chief, the exact range of Agni V is "classified", but he afterwards described Agni V as a missile with a range of 5,500-5,800 km.
Agni means "god of fire" and is the name given to Indian ballistic missiles.
[Caution] Malicious file about North Korea's nuclear test
[Warning] APT malicious files for Geographical Survey Institute of Ministry of Land, Infrastructure, Transport and Tourism
[Caution] APT attack about 53rd anniversary of Tibetan Uprising day on March 10
The malicious file found is disguised as a DOC file and uses a CVE-2010-3333 exploit.
The file is named "First test of nuclear missile Agni-V in a fortnight DRDO chief.doc" and leads the user to believe it was sent by DRDO (Defense Research and Development Organization).
Without the latest security update, this file shows the following MS Word page and installs malicious files.
It creates msb.exe in the Temp folder and executes it. It then copies svchost.exe to the Application Data folder and removes the original msb.exe.
This malicious file tries to access a certain host in the U.S. and waits for additional commands.
The server it accesses is located in the U.S.
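The file-system behaviour described above can be turned into a simple check over process-creation records. The following is an added example, not code from INCA Internet: the event schema (`host` and `image` keys), the sample events, and the assumption that Windows is installed in C:\Windows are all constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. A legitimate svchost.exe
# runs only from these directories (compared in lower case).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def classify(image_path):
    """Return the findings for one process image path."""
    # Normalise separators, collapse ".." segments and ignore case.
    path = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(path)
    findings = []
    if name == "svchost.exe" and directory not in SYSTEM_DIRS:
        findings.append("svchost.exe outside system directory")
    if name == "msb.exe" and "temp" in directory.split("\\"):
        findings.append("msb.exe run from a Temp folder")
    return findings


def scan(events):
    """events: iterable of dicts with 'host' and 'image' keys (assumed schema)."""
    hits = []
    for ev in events:
        for finding in classify(ev["image"]):
            hits.append((ev["host"], ev["image"], finding))
    return hits


# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "WS02",
     "image": r"C:\Documents and Settings\user1\Local Settings\Temp\msb.exe"},
    {"host": "WS02",
     "image": r"C:\Documents and Settings\user1\Application Data\svchost.exe"},
    {"host": "WS03", "image": r"C:\Users\user2\AppData\Roaming\SVCHOST.EXE"},
    {"host": "WS04", "image": r"C:\Windows\System32\..\Temp\svchost.exe"},
    {"host": "WS05", "image": r"C:\Program Files\Tool\msb.exe"},
]

if __name__ == "__main__":
    for host, image, finding in scan(SAMPLE_EVENTS):
        print(f"{host}: {finding}: {image}")
```

A name match alone is a triage signal, so each hit still needs the file itself examined before it is treated as an infection.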
To stay safe from APT attacks and other cyber threats, organizations need security training, management, and monitoring, backed by continuous management and a security strategy. To use a PC safely despite the threat of malicious attachments like these, we recommend that you download the latest security updates and follow the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.