Shanghai Expo Spam Carries Backdoor
March 30, 2010
How does this threat get into users' systems?
This threat arrives as a spammed message purportedly from the Bureau of the Shanghai World Expo. It contains a .PDF file attachment asking users to fill it out.
How does this threat infect users?
The attachment is a malware detected as TROJ_PIDIEF.ACV, which exploits a vulnerability in certain versions of Adobe Reader and Acrobat. Once exploited, it drops a backdoor detected as BKDR_RIPINIP.I.
What is the driving force behind this threat?
The backdoor performs several malicious routines, including receiving commands from a remote user and stealing information such as an affected system's OS version, CPU information, computer name, and IP address.
What is different in this attack?
While the same vulnerability has been exploited in other attacks earlier this year, the method used to exploit the said vulnerability differed in that the specially crafted .PDF files have a malicious .TIFF file embedded, which if processed by Adobe products, and executes arbitrary code.
Also, these attacks seem to be relying on the recipients’ interest or participation in the Shanghai World Expo named "Expo 2010," which expects to draw a crowd of up to 70 million visitors, the largest in the history of these types of events, according to .
How can users protect themselves from this attack?
This attack has several components. Multilayered defense is necessary to ensure that the malicious spam, the PDF exploit, the backdoor, and the backdoor’s outbound communication are blocked or detected.
live casino online Smart Protection Network ? detects the spammed message and all the files related to this attack and blocks the associated domain server where the backdoor connects to send stolen information. live casino online can also help shield users from the vulnerability related to this attack. live casino online users with plug-in are also protected from this attack if their systems are updated with the release.
This threat arrives as a spammed message purportedly from the Bureau of the Shanghai World Expo. It contains a .PDF file attachment asking users to fill it out.
How does this threat infect users?
The attachment is a malware detected as TROJ_PIDIEF.ACV, which exploits a vulnerability in certain versions of Adobe Reader and Acrobat. Once exploited, it drops a backdoor detected as BKDR_RIPINIP.I.
What is the driving force behind this threat?
The backdoor performs several malicious routines, including receiving commands from a remote user and stealing information such as an affected system's OS version, CPU information, computer name, and IP address.
What is different in this attack?
While the same vulnerability has been exploited in other attacks earlier this year, the method used to exploit the said vulnerability differed in that the specially crafted .PDF files have a malicious .TIFF file embedded, which if processed by Adobe products, and executes arbitrary code.
Also, these attacks seem to be relying on the recipients’ interest or participation in the Shanghai World Expo named "Expo 2010," which expects to draw a crowd of up to 70 million visitors, the largest in the history of these types of events, according to .
How can users protect themselves from this attack?
This attack has several components. Multilayered defense is necessary to ensure that the malicious spam, the PDF exploit, the backdoor, and the backdoor’s outbound communication are blocked or detected.
live casino online Smart Protection Network ? detects the spammed message and all the files related to this attack and blocks the associated domain server where the backdoor connects to send stolen information. live casino online can also help shield users from the vulnerability related to this attack. live casino online users with plug-in are also protected from this attack if their systems are updated with the release.