Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors Booby-trapped PDF files, posing as messages from the US Department of Defense, were emailed to US defence contractors last week. The document refers to a real conference due to be held in Las Vegas in March. Opening the …
Better hurry up and upgrade to your new Acrobat Espionage Enabled Reader, 'cause we all like giving away secrets.
Shh, don't tell Paris though... She doesn't want to be reminded about that stupid phone.
No problme provided they have the latest patches installed then
Oh, we are talking US Government Con-tractors.
At last - a use for Pointless Document Format
Good work, John
Good to see at last that someone finally recognizes that IE isn't the only attack vector available or in use by hackers.
Having been pilloried for pointing out that fact in comments on other stories, it's a brave man who would make such a true statement.
Of course, I expect to get massacred again, only for actually agreeing with a story, which doesn't contain purely anti Microsoft browser sputum.
Could it be
that this attack only works on one particular operating system?
Enquiring minds want to know.
CVE says Windows and MacOS-X vulnerable
The F-Secure article links to CVE-2009-4324, which states both Windows and MacOS X systems are vulnerable.
Of course, one would wonder who would open an attachment in an email that perhaps has spelling/grammer mistakes in line with "USA Department of Defence invite you too our Las Vegas show!" (see if you notice all of what's wrong in that statement) or other common spam-from-non-native-English-speakers issues.
Why? I mean, just why? I'm so glad that Preview on the Mac covers all this stuff and I used to use Foxit Reader on Windows. Can't understand anyone using that bloated puss from Adobe.
And they just keep using MS products
I find difficult to believe that 'U.S. military contractors' wouldn't use secure email accounts in their communications with their Government. Another proof of the excellent work F.B.I., N.S.A. et all. are doing protecting their country from terrorists, pedophiles, drug dealers and OMG, now spies.
The USA is going to hell in a basket, and the only problem I have with that is that the rest of the western world is following the same path. :(
Was it just me
But this morning I woke up to find that four of the big names in IT recruitment had sent me nearly identical emails thanking me for my recent registration (I've not had need of their services for half a year now) and linking me to nearly identically named pdf files located in nearly identical folders on their servers.
Each message has a subject of "A brief message from ***** : Ref No C??????" and then go on to list PDF files in a folder called legal/FCN split up by geographic region.
Perhaps I'm just getting paranoid.
Heh "Avoid Detection"
From the F-Secure article:
"In order to avoid detection, it bypasses the local web proxy when doing this connection. "
So that'll mean it'll show up on the firewall then... Oh wait.. you mean it wasn't set up accordingly??
Shirley, you can't be serious?
My office is in the fifth great year of Adobe Reader 7.0.5. (Well... I'm not sure we got 7.0.5 when it first came out. But we've got it now.)
Probably we couldn't run your exploits if we wanted to, and if hackers are sufficiently professional to shred their files after three years, I guess we're pretty safe.
Um, using your secure email to connect to a non-secure email system violates security protocol. Therefore defense contractors tend to have at least two email accounts, one of which is not secure for general use. I say at least one, because they may work with multiple levels of security and the same rules apply for each increased level of security.
Please, use your head for something other than a mobile hat rack.