• Kim Jong-il PDF Malware

    by  • December 20, 2011 • Uncategorized

    Update: See also http://blog.trendmicro.com/kim-jong-il-malicious-spam-found/comment-page-1/#c…

    This is just meant to be a quick post and not a full analysis. After checking PDF X-RAY this morning I came across a file that contained a good amount of well-organized JavaScript that seemed to target several versions of Adobe Reader.

    https://www.pdfxray.com/interact/b9183507150e32cace16c1dd68f2dc67/

    I set my test system back to Adobe Reader 9.4.0 and ran the file. After exploiting Reader, a clean file was dropped with content about the recent death of Kim Jong-il.

    Dynamic dump along with the files can be downloaded here. (password infected)
