Spam messages with malicious attachments have been detected with subject lines referring to the death of Kim Jong-il.
According to Trend Micro, some of the messages arrive with a .PDF attachment that has the file name ‘brief_introduction_of_kim-jong-il.pdf.pdf'; the attachment contains the malicious file TROJ_PIDIEF.EGQ.
Michael Casayuran, anti-spam research engineer at Trend Micro, said TROJ_PIDIEF.EGQ opens a non-malicious PDF file, which contains a picture of Jong-il and a short biography of the former North Korean leader.
“Aside from this particular spam attack, we've also encountered malicious documents that bear file names mentioning Kim Jong-il. One of the files we saw is a Word document and has a file name relating to North Korea's nuclear programmes and is detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, detected as BKDR_PCCLIEN.BQD. This connects to its command and control server through port 8000,” said Casayuran.
“Here at TrendLabs, the death of a globally known person has become an automatic trigger for us to look for attacks trying to taking advantage in order to protect our customers who are trying to look for more information. Such events generate global interest in a very short amount of time, so they make very good social engineering lures.”