Cyber attack using PDFs targets industries


A new kind of targeted cyber attack against defense, chemical and technology industries is slipping into networks under the guise of PDF files, said cyber security experts.

FireEye Malware Intelligence Lab and Kaspersky Labs noted on Aug. 15 that the new malware has the makings of a targeted attack campaign against several high-value industries, including the defense, chemical, technology and aerospace industries, and that it uses a Trojan program rigged to PDFs to deliver its payload. The MyAgent Trojan is spreading primarily through email as a zipped .exe file or PDF attachment, according to researchers writing on FireEye’s blog site.

FireEye researchers said they had been tracking malware they called “Trojan.MyAgent” for some time. The malware is currently using email as its primary vector of propagation, they said, and data from FireEye’s Malware Protection Cloud (MPC) indicated it was targeting the industries.

“We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment,” said the researchers. In some instances, the emails are disguised as PDF files that have been labeled “Health Insurance and Welfare Policy.” Once the file is opened, the malware is unleashed, FireEye said. In addition to opening up a PDF file, the malware can also drop another executable called ABODE32.exe in the temp directory. The typo in ABODE32 is intentional, they said. Both the dropper and the dropped executables have decent detection on VirusTotal (VT).

FireEye noted the ‘ABODE32.exe’ executable accesses Windows Protected Storage, which holds the passwords for IE, Outlook, and other applications.

Once it gets a foothold on the infected system, the malware connects back to its command and control server, the user agent string and URI of which are hard-coded into MyAgent’s binary, said the group. In addition, FireEye said it noticed the malware loading different DLLs to communicate with its command and control. Despite MyAgent’s relatively high detection rate, said FireEye, its dynamic intermediary stages put the malware in the “advanced” category.
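A defender-side triage sketch for the delivery and dropper behaviour described above, as an added example that is not from the article or from FireEye: it flags executables inside a zipped attachment and looks for the reported ABODE32.exe file name under a directory. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import tempfile
import zipfile

DROPPED_NAME = "abode32.exe"  # dropped executable name reported in the article
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumption: common Windows executable extensions


def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) pairs for ZIP members that look like Windows executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":
                # Content check: catches an executable whatever its file name claims.
                findings.append((info.filename, "MZ header"))
            elif info.filename.lower().endswith(EXEC_EXTS):
                # Name check: executable extension without the expected header.
                findings.append((info.filename, "executable extension"))
    return findings


def find_dropped(directory: str) -> list[str]:
    """Return paths under directory whose file name matches the reported dropped executable."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        hits += [os.path.join(root, f) for f in files if f.lower() == DROPPED_NAME]
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample: one harmless text file and one fake 'executable' (MZ plus zeros)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample text")
        zf.writestr("Policy.pdf.exe", b"MZ" + b"\x00" * 62)  # hypothetical file name
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip_attachment(build_sample_zip()))
    print(find_dropped(tempfile.gettempdir()))
```

A file-name match is only a lead for further analysis, since the name is trivially changed between samples.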

 
