On-going Targeted attacks against US Military contractors - F-Secure Weblog : News from the Lab

Reportedly, there was a targeted attack in which malicious code was embedded in US defense-related PDF files.

F-Secure Labs has learned of another interesting targeted attack. In this case, malicious PDF files were emailed to US defense contractors. While the "Aurora" attacks against Google and others happened in December 2009, this happened just last week.
The PDF file was quite convincing and it looked like it came from the Department of Defense:

News from the Lab Archive : January 2004 to September 2015

It appears to exploit an Adobe Reader vulnerability.

When opened in Adobe Reader, the file exploited the CVE-2009-4324 vulnerability. This is the doc.media.newPlayer vulnerability that Adobe patched last Tuesday.
The exploit dropped a file called Updater.exe (md5: 3677fc94bc0dd89138b04a5a7a0cf2e0). This is a backdoor that connects to IP address 140.136.148.42. In order to avoid detection, it bypasses the local web proxy when doing this connection.

News from the Lab Archive : January 2004 to September 2015
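
The proxy bypass described in the quote above is itself a detection opportunity: where all web traffic is supposed to leave through the proxy, a workstation talking directly to an external address stands out in perimeter logs. The following is an added example, not code from F-Secure or from this blog; the log format, internal range, proxy address and sample lines are assumptions constructed for illustration, and only the backdoor IP comes from the quoted text.

```python
import ipaddress

# Indicator taken from the F-Secure text quoted above.
BACKDOOR_IP = ipaddress.ip_address("140.136.148.42")

# Assumptions for this example: the site's internal range and its web proxy.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PROXY_HOSTS = {ipaddress.ip_address("10.0.0.5")}

# Constructed sample perimeter log, hypothetical "time src dst dport" format.
SAMPLE_LOG = """\
2000-01-01T09:12:01 10.0.0.5 93.184.216.34 80
2000-01-01T09:12:07 10.0.3.21 10.0.0.5 8080
2000-01-01T09:13:44 10.0.3.21 140.136.148.42 443
2000-01-01T09:14:02 10.0.7.9 198.51.100.7 80
garbled line
2000-01-01T09:15:30 10.0.0.5 140.136.148.42 443
"""


def classify(line):
    """Return (finding, src, dst) for a suspicious log line, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip malformed lines instead of crashing the scan
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    # "Direct" = an internal non-proxy host reaching an external address.
    direct = (src in INTERNAL_NET and src not in PROXY_HOSTS
              and dst not in INTERNAL_NET)
    if dst == BACKDOOR_IP:
        # The indicator matters on either path; note which one was used.
        return ("ioc-direct" if direct else "ioc-via-proxy", str(src), str(dst))
    if direct:
        return ("proxy-bypass", str(src), str(dst))
    return None


def scan(log_text):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for finding, src, dst in scan(SAMPLE_LOG):
        print(f"{finding:14} {src} -> {dst}")
```

A "proxy-bypass" finding without an indicator match is only a lead; hosts that legitimately connect directly need to be added to the allow set before this is useful on real logs.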
