The London 2012 Olympic Games will be held, and the world's attention is focused on the Olympics. While athletes compete, malicious attackers are spreading malicious files disguised as an Olympic schedule. This malicious file uses a PDF font exploit and also displays an Olympic schedule, so general users cannot tell whether they have been infected.
2. Spreading path and symptoms of infection
This file can be spread via e-mail attachments, SNS, or links sent over messenger. It uses a PDF font exploit, and the affected versions are as follows.
This malicious file uses an exploit that can cause a stack overflow by using a certain table of the encrypted TTF (TrueType Font) stream in the PDF file. The code is as follows.
When this application program is executed, it displays a PDF file as follows.
In addition, it creates additional malicious files in the following path.
These malicious files have the icon of a Word file.
These malicious files also tried to access a certain external site in China, but that site can no longer be reached.
3. How to prevent
For malicious files that use document file exploits, taking precautions in advance is almost impossible. Furthermore, they can be combined with social engineering techniques. To use your PC safely against the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.
Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 diagnoses and treats various variant files.
Free installation link for nProtect AVS: http://avs.nprotect.com/
- Diagnosis names