U.S. military contractors targeted with malicious PDFs

Have you read the latest issue of our digital (IN)SECURE Magazine? If not, do it now.

The last few months have seen a lot of cyber attacks aimed at U.S. military contractors and they are still ongoing.

F-Secure researchers have recently spotted an email obviously directed at military contractors’ employees, which contains a malicious .pdf attachment.

“When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm.exe,” they explain. “This is a backdoor that connects back to the attacker, who is waiting at IP addresses and”

In order to keep the recipient from suspecting foul play, the file then opens a legitimate-looking call for papers for a conference:

It is known that the RSA hack was executed in order to compromise its SecurID tokens, widely used by a great number of companies that do business with the government. But, as this example shows, there are easier ways to gain access to their computers.