The INCA Internet response team detected 4 malicious files themed on the 2012 Nuclear Security Summit, held in Seoul, South Korea, on March 26 and 27, 2012. Because the files were found spreading in 3 or more countries, this appears to be an APT targeting multiple countries.
In particular, because the original document is published on the UN's official web site, a malicious file distributed under the guise of this document can work as an aggressive lure.
Samuel J. Locklear, the United States Navy four-star admiral who currently serves as Commander, U.S. Pacific Command, said that we will respond strongly when North Korea tries to conduct a 3rd nuclear test on April 14 at Korea-U.S. CFC.
Rumor has it that a 3rd North Korean nuclear test is highly likely after the failure of Kwangmyongsong-3.
Malicious files can be spread through social engineering, especially in APT attacks against multiple countries.
[Caution] Malicious file about Agni-V, an intercontinental ballistic missile from India
[Caution] Malicious file about North Korea's nuclear test
The original file, Seoul_Communique.pdf, is hosted on the UN's official web site. The malicious file, however, is named Seoul Communique_FINAL.pdf and was found in Canada, France, Belgium and India.
Original file : http://www.un.org/disarmament/content/spotlight/docs/Seoul_Communique.pdf (about 70KB)
The malicious file's size is 258KB.
When the malicious file is executed, it creates Adobe.pdf, which is a normal file, in the Temp folder.
If the user's system is vulnerable to the PDF exploit, it creates the malicious "wininit32.exe" and "wininit.dll" (hidden type) in the following folder.
The malicious wininit.dll runs injected into the normal explorer.exe process and tries to access a certain host in China.
Various kinds of damage, including remote control, are expected.
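The dropped-file behaviour described above can be turned into a simple host sweep. The following Python sketch is an added example, not INCA Internet's tooling: it looks for the two file names from this analysis under a directory the caller supplies (the drop folder is not stated here, so the root is an assumption), reports the hidden attribute, and rates a directory holding both files higher than one holding a single match. The sample tree is constructed and contains only empty files.

```python
import os
import stat
import tempfile

# File names taken from the analysis above; compared case-insensitively
# because Windows file systems are case-insensitive.
DROPPED_NAMES = {"wininit32.exe", "wininit.dll"}


def is_hidden(path):
    """Return True if the Windows 'hidden' attribute is set (False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def sweep(root):
    """Walk `root` (caller-chosen) and group name matches by directory."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() in DROPPED_NAMES:
                full = os.path.join(dirpath, name)
                hits.setdefault(dirpath, []).append(
                    {"name": name.lower(), "path": full, "hidden": is_hidden(full)}
                )
    findings = []
    for dirpath, items in sorted(hits.items()):
        names = {item["name"] for item in items}
        # Both files side by side matches the described drop; one alone is weaker.
        confidence = "high" if names == DROPPED_NAMES else "medium"
        findings.append({"dir": dirpath, "confidence": confidence, "files": items})
    return findings


def build_sample_tree():
    """Constructed sample data: a throwaway tree of empty, benign files."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    # c/wininit.exe uses the legitimate Windows file name and must not match.
    for rel in ("a/WinInit32.exe", "a/wininit.dll", "b/wininit.dll", "c/wininit.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for finding in sweep(build_sample_tree()):
        print(finding["confidence"], finding["dir"],
              [item["name"] for item in finding["files"]])
```

A name match is only a lead for triage; confirm any hit by examining the file itself before treating the host as compromised.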
An advanced persistent threat against multiple countries can be a sensitive issue for each country. Although China is one of the best-known sources of malicious files, various countries can be attacked. To use your PC safely despite the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.
INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.