Malicious PDF Attack Baiting Defense Industry Victims

There has been a spate of spear-phishing attacks against a number of high-profile targets in the last few months, including RSA and others, and that trend is continuing unabated. Researchers have come across a fresh attack using the familiar malicious PDF attachment that appears to be targeting users in the defense industry.


The latest attack uses a decoy PDF that exploits a JavaScript vulnerability to install malware on the victim’s machine. The fake PDF that the attack employs is an advertisement for the call for papers for a defense-industry conference at the Naval Postgraduate School in California, according to an analysis by F-Secure researchers.

“When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe. This is a backdoor that connects back to the attacker, who is waiting at IP addresses 59.7.56.50 and 59.19.181.130,” F-Secure’s Mikko Hypponen wrote.

“After this, a decoy PDF file is shown to the end user. The decoy is a call for papers for 2012 AIAA Strategic and Tactical Missile Systems Conference, which is a US conference classified as SECRET.”
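The chain described above (the PDF reader writes an executable, which then connects out) can be looked for in endpoint telemetry. The following is an added example, not code from F-Secure or the original article: the event format, host names and the `AcroRd32.exe` process name are assumptions, and only `lsmm.exe` and the two IP addresses come from the text.

```python
import csv
import io

# Indicators from the article; every other value below is constructed.
DROPPED_NAME = "lsmm.exe"
C2_ADDRESSES = {"59.7.56.50", "59.19.181.130"}
READER_PROCESSES = {"acrord32.exe"}  # assumption: Adobe Reader process name

# Constructed sample events, assumed to be in time order.
SAMPLE_EVENTS = """\
time,host,event,process,target
09:14:02,WS-014,file_create,AcroRd32.exe,C:\\Users\\a\\AppData\\Local\\Temp\\lsmm.exe
09:14:03,WS-014,process_start,AcroRd32.exe,C:\\Users\\a\\AppData\\Local\\Temp\\lsmm.exe
09:14:09,WS-014,net_connect,lsmm.exe,59.7.56.50
09:20:41,WS-022,file_create,AcroRd32.exe,C:\\Users\\b\\Documents\\cfp-notes.pdf
09:21:10,WS-022,net_connect,chrome.exe,198.51.100.7
09:33:57,WS-031,net_connect,svchost.exe,59.19.181.130
"""

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events_csv):
    """Return {host: sorted findings} for hosts matching any stage of the chain."""
    findings, dropped = {}, {}  # dropped: host -> executables written by a reader
    for ev in csv.DictReader(io.StringIO(events_csv)):
        host, proc, target = ev["host"], ev["process"].lower(), ev["target"]
        hits = findings.setdefault(host, set())
        if ev["event"] == "file_create" and proc in READER_PROCESSES:
            name = basename(target)
            if name.endswith(".exe"):  # a document viewer writing an executable
                dropped.setdefault(host, set()).add(name)
                hits.add("reader_dropped_exe")
                if name == DROPPED_NAME:
                    hits.add("known_dropped_name")
        elif ev["event"] == "net_connect":
            if target in C2_ADDRESSES:
                hits.add("known_c2_address")
            if proc in dropped.get(host, set()):  # behavioural, survives renaming
                hits.add("dropped_exe_connected_out")
    return {h: sorted(f) for h, f in findings.items() if f}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```

The two behavioural findings do not depend on the file name or addresses, so they still fire if the attacker changes either.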

These kinds of attacks have become an effective tool in the arsenal of attackers who are looking either to go after a user in one specific company or to get as many victims as possible in a short amount of time. The RSA attack was the most well-publicized of these attacks, but there have been a number of others in recent months as well, and they tend to follow a set pattern that involves doing some reconnaissance on a potential target, finding attractive topics for the email and crafting a message that appears to be from a trusted source.

The defense industry in the U.S. has been a frequent target of attacks of late, including incidents at Lockheed Martin, IRC Federal and Booz Allen Hamilton.
