HI AS we have seen the attacks on US military contracters ,now in the same fashion attackers target the intelligence department
This attack was done with a PDF file. Again. It was targeting the CVE-2009-4342 vulnerability. Again. When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: [image: PDF] What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called *Updater.exe* (md5: 02420bb8fd8258f8afd4e01029b7a2b0). Now, what is the document talking about? President's day? DNI Information Sharing Environment? We don't know, but a quick web search tells us that apparently there is going to be an Intelligence fair & expo in Germany next month. [image: NCSI] Hmm. The Agenda looks awfully familiar. We detect the files as *Exploit.PDF-JS.Gen* and *Trojan-Spy:W32/Agent.NBZ*. -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
