Major events are often used by spammers to fuel their scams.
While the World Cup soccer tournament is still more than two months away, researchers from Symantec are reporting on a targeted malware campaign using a FIFA World Cup theme. Attackers changed Greenlife’s PDF document to include malicious code. The emails carry this PDF file as an attachment, which claims to provide a guide to the first African edition of football’s most prestigious tournament.
The attack uses a recently patched Adobe Reader vulnerability to drop malware onto machines running an unpatched version of Adobe Reader. The exploit takes advantage of a flaw in the TIFF file parsing in Adobe Reader. In particular, a stack overflow is caused by inserting a TIFF image into the PDF with a specially crafted “DotRange” tag.
A successful execution of the attack drops a rootkit and a backdoor Trojan on compromised machines.
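A defensive check for the kind of malformed “DotRange” tag described above, as an added example that is not code from Symantec, Adobe or the original post. It assumes the TIFF stream has already been extracted from the PDF, and it relies on the TIFF 6.0 definition of DotRange (tag 336, type BYTE or SHORT, count 2 or 2 × SamplesPerPixel); the function names and sample files are constructed for illustration.

```python
import struct

DOTRANGE, SAMPLES_PER_PIXEL = 336, 277   # TIFF 6.0 tag numbers
BYTE, SHORT = 1, 3                       # TIFF field types

def check_dotrange(tiff: bytes) -> list:
    """Return findings for DotRange entries in the first IFD that break the spec."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8 or struct.unpack_from(order + "H", tiff, 2)[0] != 42:
        return ["not a TIFF"]
    (ifd,) = struct.unpack_from(order + "I", tiff, 4)
    if ifd + 2 > len(tiff):
        return ["IFD offset outside file"]
    (n,) = struct.unpack_from(order + "H", tiff, ifd)
    if ifd + 2 + 12 * n > len(tiff):
        return ["IFD entry table truncated"]
    # Each entry: tag (2 bytes), type (2), count (4), value or offset (4).
    entries = [struct.unpack_from(order + "HHI4s", tiff, ifd + 2 + 12 * i) for i in range(n)]
    spp = 1  # SamplesPerPixel defaults to 1 when the tag is absent
    for tag, typ, count, raw in entries:
        if tag == SAMPLES_PER_PIXEL and typ == SHORT and count == 1:
            spp = struct.unpack(order + "H", raw[:2])[0]
    findings = []
    for tag, typ, count, raw in entries:
        if tag != DOTRANGE:
            continue
        if typ not in (BYTE, SHORT):
            findings.append(f"DotRange has type {typ}, expected BYTE or SHORT")
        if count not in (2, 2 * spp):
            findings.append(f"DotRange has count {count}, expected 2 or {2 * spp}")
    return findings

def build_tiff(entries) -> bytes:
    """Constructed sample: little-endian header plus one IFD, no image data."""
    body = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        body += struct.pack("<HHII", tag, typ, count, value)
    return b"II" + struct.pack("<HI", 42, 8) + body + struct.pack("<I", 0)

# Constructed inputs: a spec-conforming 4-sample entry and one with an implausible count.
# The value/offset field is left at 0 because the check never dereferences it.
GOOD = build_tiff([(SAMPLES_PER_PIXEL, SHORT, 1, 4), (DOTRANGE, BYTE, 8, 0)])
ODD = build_tiff([(DOTRANGE, BYTE, 300, 0)])

if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("ODD", ODD)):
        print(name, check_dotrange(data) or "ok")
```

This is a structural sanity check against the TIFF specification, not a signature for this campaign; a finding means the image deserves closer inspection before it reaches an unpatched reader.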
In anticipation of the expected increase in FIFA World Cup 2010 themed malicious activity, driven by millions of fans, some statistics showing the dynamics of malicious sites and spam campaigns that use the World Cup as a theme have been released.
Tags: malware, spam, vulnerability
