Monday, July 19, 2010

Worst Social Engineering Ever

From a recent submission via the email intake - hereyougo at vicheck.ca:

With a subject line of an invitation to a Tibetan event, invitation.rar (3026984137716828cf8f55b10bb0069) contained the aptly named "exploit.pdf", which certainly inspires confidence to open the attachment:

exploit.pdf:
EXECUTABLE SCAN: PDF Exploit Embedded Flash may be CVE-2010-1297 (genexploit/full)
REPORT: https://www.vicheck.ca/md5query.php?hash=ee81327f15db183f83815754fbfad5dd
Exploit method detected as genexploit - PDF Exploit Embedded Flash may be CVE-2010-1297.
Confidence ranking: 100 (11 hits).

The embedded EXE is encrypted with a 256-byte key as well as a simple replacement cipher.

Drops:
