Symantec Hosted Services analysts today spotted a targeted attack, blocked by the service, that uses the FIFA World Cup 2010 to encourage the recipient to open a malicious PDF attachment. It uses a very fresh vulnerability in Adobe Reader.

Probably the most damaging type of Internet threat, a targeted attack takes place via e-mail and is designed to target a specific individual or organisation. According to Symantec’s Dan Bleaken, the aim is generally to extract sensitive or valuable information, which is then used to gain competitive advantage, for blackmail, to harm reputations or to gather intelligence.

“A technique commonly seen in targeted attacks is to use legitimate details in the mail but to urge recipients to open a malicious attachment. This latest sample is no exception. It uses the name of a legitimate African Safari organiser, Greenlife. The e-mail was sent from a PC in Singapore (see screenshot below).

Greenlife is helping football fans to organise their dream trip to South Africa this summer, by tailoring travel packages for supporters from all over the world. The company has produced an informative and useful PDF guide to the World Cup, available on the Greenlife website (on the right-hand side).

“The attackers downloaded Greenlife’s PDF document and changed it to include malicious code. They then attempted to e-mail the malicious PDF to a user in a major international organisation that brings together governments from all over the world. We should emphasise that downloading the PDF from the Greenlife website (http://www.e-gnu.com/2010.html) is perfectly safe currently,” Bleaken says.

At the time of writing, none of 41 other major security vendors detects this targeted attack, which Symantec Hosted Services blocked comfortably by identifying suspicious characteristics of the PDF.