13 Dec 2010

Malware targets WikiLeaks interest

An internet security firm recently discovered new malware that uses interest in the WikiLeaks website to spread. According to the firm, the virus is disguised as a PDF attachment.

Tony Wilmington, a malware operations engineer for the firm, described the malware as “a targeted attack against a government body using WikiLeaks as social engineering to get the user to open the document.”

The malware spreads through an email, sent from a compromised account, that contains a single, incomplete sentence referring to a leak of U.S. diplomatic cables. The sentence fragment is followed by the phrase “attached with more information.”

“Because the ... sentence within the email doesn’t make much sense, the recipient is led to believe the PDF attachment may lead to more information,” wrote Wilmington.

Clicking the attachment launches an encrypted executable file that uses an exploit in Adobe Acrobat Reader to infect the user’s computer.

The internet security company recently released its predictions for malware development in 2011. It predicts that cyber criminals will increasingly use social engineering tactics to spread malware.