Russians behind attack PDFs, security researcher says

RadioPatrol

Guest
Russians behind attack PDFs, security researcher says
An infamous hacker gang is sending malicious PDF docs, stealing financial data


Gregg Keizer

October 24, 2007 (Computerworld) -- A notorious Russian hacker gang is responsible for ongoing attacks using malicious PDF documents, a researcher said today.

Users can thank the Russian Business Network (RBN), a well-known collective of cybercriminals, for the malware-armed PDF attachments that began appearing in in-boxes yesterday, said Ken Dunham, director of response for iSight Partners Inc. If the rigged PDFs succeed in infecting the target Windows system, the attack code installs a pair of rootkit files that "sniff and steal financial and other valuable data," said Dunham via e-mail.

The rogue PDF documents are attached to spammed e-mail and arrive with filenames such as BILL.pdf, YOUR_BILL.pdf, INVOICE.pdf or STATEMET.pdt, said Symantec Corp. in a separate advisory yesterday. They exploit the "mailto:" protocol vulnerability disclosed more than a month ago by U.K.-based researcher Petko Petkov.


When recipients open the attacking PDF, it launches a Trojan horse dubbed "Pidief.a" that knocks out the Windows firewall and then downloads another piece of malware to the compromised computer. That second piece of attack code is a dedicated downloader that, in turn, retrieves the two rootkit files from a pair of RBN-controlled servers and drops them onto the hacked PC.

According to Dunham, the RBN servers and the rootkit files are familiar to researchers. "[They] are the same as those used in zero-day Vector Markup Language (VML) attacks from September 2006," he said. The VML vulnerability, disclosed early that month, was so aggressively exploited that a group of security professionals issued an unsanctioned patch, prompting Microsoft to release one of its rare out-of-cycle fixes in late September.


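An added example, not from the article or the forum post, of the kind of mail-gateway check a defender could run against the campaign described above: it flags PDF attachments that carry the lure filenames Symantec listed and PDFs whose embedded URI actions use the mailto: scheme, the vector the article names. It assumes URIs sit in plain literal strings (a real gateway would decompress object streams first) and uses constructed sample PDFs, not real malware.

```python
import re
from dataclasses import dataclass, field

# Lure filenames quoted in the article (Symantec advisory), compared case-insensitively.
LURE_NAMES = {"bill.pdf", "your_bill.pdf", "invoice.pdf", "statemet.pdt"}

# A PDF link/open action looks like: /S /URI /URI (mailto:...)
# Assumption: the URI is a plain literal string, not a hex string or inside a
# compressed object stream; this regex pulls the text between the parentheses.
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


@dataclass
class Verdict:
    quarantine: bool
    reasons: list = field(default_factory=list)


def scan_pdf_attachment(filename: str, data: bytes) -> Verdict:
    """Heuristic triage of a PDF attachment; any reason is enough to hold the mail."""
    reasons = []
    if filename.lower() in LURE_NAMES:
        reasons.append(f"lure filename {filename!r}")
    if not data.startswith(b"%PDF"):
        reasons.append("claims to be a PDF but lacks the %PDF header")
    for m in URI_RE.finditer(data):
        uri = m.group(1)
        if uri.lower().startswith(b"mailto:"):
            # An invoice has no business carrying a mailto: action at all; note
            # whether it also carries %-escapes or whitespace, which a plain
            # address does not need.
            odd = b"%" in uri or any(c in uri for c in b" \t\"&|")
            reasons.append(f"mailto: URI action{' with unusual characters' if odd else ''}")
    return Verdict(quarantine=bool(reasons), reasons=reasons)


# Constructed samples (tiny PDF skeletons, not real malware).
SAMPLE_SUSPECT = (b"%PDF-1.4\n1 0 obj << /Type /Action /S /URI "
                  b"/URI (mailto:billing@example.com%20junk) >> endobj\n%%EOF")
SAMPLE_BENIGN = (b"%PDF-1.4\n1 0 obj << /S /URI "
                 b"/URI (https://example.com/invoice) >> endobj\n%%EOF")

if __name__ == "__main__":
    for name, data in (("INVOICE.pdf", SAMPLE_SUSPECT), ("report.pdf", SAMPLE_BENIGN)):
        print(name, scan_pdf_attachment(name, data))
```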
Sonsie

The mighty Al-Sonsie!
I ride herd on my home system pretty tight. Nobody opens anything I haven't seen personally first. My husband will click on anything; he has had too many years of gov baby serv, and he has no idea what is suspicious.
RadioPatrol

Guest
Aww, poor Sonsie ........... sucks being the house IT person, don't it? :jameo:
RadioPatrol

Guest
Sigh ........ G4 450 AGP - Mac OS X 10.3, Dell 400SC Windows XP, White Box Dual P III 800 MHz LAMP Server ( Ubuntu 6.10 LTS )
RadioPatrol

Guest
Nice system .......... I know where all your money went ............
RadioPatrol

Guest
Leopard is the upgrade to Tiger that went on sale last Friday...

Beats the hell out of Microshaft. Five licenses were only $199. That one copy of Vista Ultimate alone cost me $400...

Get with the program, Leopard is the new one...

:whistle:

Oh, elitist one .............. Excuse the hell outa me .............. I have not bothered keeping up since I upgraded to Panther ......... really no use upgrading my paltry G4 450 MHz, 1.5 GB RAM, 127 GB HD system ..........

So I have not kept up ......... oh, and my PowerBook G3 500 Pismo ain't worth it either; still running 9.1 so I can run my After Dark SS

But it runs Photoshop 3, 4, 5, 6 just fine, along with Canvas 2, 5, 7 ..... Office 98

But yeah, you cannot beat the family upgrade pricing .............
RadioPatrol

Guest
Don't take that jab seriously, it's all fun...

I'm kinda screwed on this system though. Had to promise the wife I wouldn't buy another one for 3 years when I bought it, which will be a record for me...

I got it right when they came out, so I've got nearly two years to go before I can replace it...

The silver lining is the processors just aren't getting speedier like they used to, so these quad-core Xeons will most likely remain plenty powerful during my three-year buying moratorium...

You should have seen her face when I bought the 30" cinema monitor with it...

:killingme

My G4 is still quite usable ......... as long as you're not needing to upgrade apps all the time .......... lock in @ a certain point; 2 yrs ago I was still replacing Win 98 / Office 97 PCs ........


I run Photoshop 7 fine. Office Mac people always think for productivity it's gotta be the newest .......... maybe for CAD or some other modeling ..... a system like yours, barring HD wearing out, should last you 5 yrs ......... easy, and still be plenty usable

But hey, I'll take it off your hands next yr when it is 3 yrs old and you're getting rid of it

:whistle:

RadioCtrlDWife

New Member
Mr. Patch's keyboard will be the stressed point which fails..... JK

Have a Five Bar Day
Bill