As expected, malicious spam taking advantage of the death of North Korean leader Kim Jong-il has been hitting inboxes since the news was announced.
The emails contain a simple line of text announcing the death, likely copied and pasted from the CNN website, and carries an attachment named brief_introduction_of_kim-jong-il.pdf.pdf.
Once downloaded and executed, the malicious file opens a non-malicious PDF file containing a picture and information about the deceased man in order to hide its true activity on the victims’ computer.
In other variants of the same theme, the attached file is named Kim_Jong_il_s_death_affects_N._Korea_s_nuclear_programs.doc and, once opened, it drops backdoor-opening malware into the system, which then connects to a remote C&C server for further instructions.
“Here at TrendLabs, the death of a globally known person has become an automatic trigger for us to look for attacks trying to taking advantage in order to protect our customers who are trying to look for more information,” say the researchers. “Such events generate global interest in a very short amount of time, so they make very good social engineering lures.”
In addition to spam emails, this kind of news often generates SEO poisoning attacks, so be careful when searching for news through search engines.