[Information] 2012 London Olympic schedule, or a malicious file.

1. Introduction

The London 2012 Olympic Games will be held soon, and the world's attention is focused on the Olympics. While athletes compete, malicious attackers are spreading malicious files disguised as the Olympic schedule. This malicious file uses a PDF font exploit and also displays the Olympic schedule, so general users cannot tell whether they have been infected.

2. Spreading path and symptom of infection

This file can be spread via e-mail attachments, SNS, and links sent over messengers. It uses a PDF font exploit, and the affected versions are as follows.

Affected versions

- Adobe Reader 9.3.4 or lower
- Adobe Acrobat 9.3.4 or lower

This malicious file uses an exploit that causes a stack overflow through a certain table in an encrypted TTF (TrueType Font) stream inside the PDF file. The code is as follows.

When the file is opened, it displays the following PDF document.

In addition, it creates further malicious files at the following paths.

Created files

- (User temp folder)\~temqp.tmp (53,248 bytes)
- (User temp folder)\explorer.exe (53,248 bytes)
- (User temp folder)\~vmdmc.exe (484,864 bytes, copy of normal cmd.exe)

Registry values

- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Name : "arun"
- Data : "(User temp folder)\explorer.exe"

(User temp folder) is generally "C:\Documents and Settings\(User account)\Local Settings\Temp".
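The created files and the Run value listed above can be turned into a simple host check. The following is an added example, not code from the original post: it matches a file listing and a set of HKCU Run values against those indicators, and goes one step further by flagging any Run entry that starts a program directly from the temp folder. The function names, the account "alice" and all sample data are constructed for illustration.

```python
import ntpath

# Indicators from the write-up above: dropped file name -> size in bytes.
DROPPED = {"~temqp.tmp": 53248, "explorer.exe": 53248, "~vmdmc.exe": 484864}
RUN_NAME = "arun"  # Run value name from the write-up

def in_temp(path, temp_dir):
    """True if path sits directly inside temp_dir (case-insensitive, Windows rules)."""
    path = path.strip()
    if path.startswith('"'):  # quoted command line: keep only the executable
        path = path[1:].split('"', 1)[0]
    norm = ntpath.normcase(ntpath.normpath(path))
    return ntpath.dirname(norm) == ntpath.normcase(ntpath.normpath(temp_dir))

def check_files(listing, temp_dir):
    """listing: iterable of (full_path, size). Returns (path, verdict) findings."""
    hits = []
    for path, size in listing:
        name = ntpath.basename(path).lower()
        if in_temp(path, temp_dir) and name in DROPPED:
            exact = size == DROPPED[name]
            hits.append((path, "name+size match" if exact else "name match only"))
    return hits

def check_run_values(values, temp_dir):
    """values: dict of Run value name -> data. Returns (name, reasons) findings."""
    hits = []
    for name, data in values.items():
        reasons = []
        if name.lower() == RUN_NAME:
            reasons.append("value name from report")
        if in_temp(data, temp_dir):
            reasons.append("autostart from temp folder")
        if reasons:
            hits.append((name, reasons))
    return hits

# Constructed sample data for a hypothetical account "alice".
TEMP = r"C:\Documents and Settings\alice\Local Settings\Temp"
FILES = [(TEMP + r"\~temqp.tmp", 53248), (TEMP + r"\explorer.exe", 53248),
         (TEMP + r"\~vmdmc.exe", 484864), (r"C:\WINDOWS\explorer.exe", 1033728),
         (TEMP + r"\setup.log", 120)]
RUN = {"arun": TEMP + r"\explorer.exe",
       "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"}

if __name__ == "__main__":
    for finding in check_files(FILES, TEMP) + check_run_values(RUN, TEMP):
        print(finding)
```

The legitimate explorer.exe in the Windows directory is not flagged, because the check keys on the temp-folder location rather than on the file name alone.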

These malicious files use the icon of a Word file.

These malicious files also tried to connect to a certain external site in China, but that site can no longer be reached.

3. How to prevent

For malicious files that use document-file exploits like this one, taking precautions in advance is almost impossible. Furthermore, they can be combined with social engineering techniques. To use your PC safely despite the threat of such malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats the various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/

- Diagnosis names

- Trojan/W32.Agent.53248.CYM
- Trojan-Exploit/W32.Pidief.291556.JVF
- Trojan/W32.Agent.53248.DDR

