Cybercriminals are taking advantage of the death of Korean leader Kim Jong Il. TrendMicro researchers found spammed messages with the email subject "Korean leader Kim Jong Il dies". The mail has a PDF attachment named "name brief_introduction_of_kim-jong-il.pdf.pdf". The file is detected as TROJ_PIDIEF.EGQ.
TROJ_PIDIEF.EGQ opens a normal PDF file to trick the user into thinking that it is a normal file.
Aside from this particular spam attack, TrendMicro also encountered malicious documents whose file names mention the late Korean leader. One file is named Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc and is now detected as TROJ_ARTIEF.AEB.
This file, when opened, drops another file into the system, one detected as BKDR_PCCLIEN.BQD. BKDR_PCCLIEN.BQD connects to its C&C server through port 8000.