
Malware Attack Disguised as China World Expo

5 April 2010

The upcoming Shanghai World Expo (1 May - 31 October 2010) has been exploited by hackers to circulate malware, according to an alert sent by a journalists' group in China.

The report says that the mail appears to come from the Expo news office; however, it was not sent by the Expo.

The security company Trend Micro detects the harmful attachment in the scam mail as TROJ_PIDIEF.ACV. Reportedly, this .PDF file abuses a known vulnerability in Adobe Acrobat and Reader. The flaw was patched in mid-February 2010, but attacks exploiting the same vulnerability were reported again in March 2010.

The technique used to exploit the vulnerability, however, differs from the one seen earlier in 2010. Trend Micro researcher Rajiv Motwani reports that these .PDF files carry an embedded .TIFF (Tag Image File Format) file. TIFF is a widely used image format for storing high-quality images, according to the TrendLabs Malware Blog post of March 25, 2010.

When an Adobe product with the aforementioned vulnerability processes the PDF, the embedded .TIFF file triggers the flaw and allows arbitrary code to run. In this case, a backdoor, detected as BKDR_RIPINIP.I by Trend Micro, is dropped and executed on the targeted system.

According to the journalists' advocacy group, the attack targets reporters who wished to cover the event. One version of the mail, sent by a hacker to IDG News Service, directly targeted people who had filled out a spreadsheet to register for the Expo.

The security firm stated that .pdf attachments are a common attack vector and that antivirus software is generally unable to detect the kinds of malware involved. On the afternoon of March 25, 2010, in China, Kaspersky was the only vendor out of the 42 examined by VirusTotal that flagged the file from the fake Expo mail as malicious.
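The two facts above that matter to a defender are that the malicious PDF carries a TIFF image inside it and that signature-based antivirus almost entirely missed the file. A structural check complements signatures: it does not need to know the specific exploit, only that a PDF carrying TIFF data is unusual enough to pull aside for analysis. The script below is an added example written for this article; it is not code from Trend Micro or from the original report. It scans a PDF's raw bytes and each decoded /FlateDecode stream for the TIFF header, and the two sample PDFs it checks are constructed inline (the "TIFF" is a minimal valid header, not an exploit).

```python
"""Triage check: flag PDF files that carry embedded TIFF data.

Added example, not from the original article or from Trend Micro.  A hit
means only "this PDF contains TIFF data", which is enough reason to pull
the file aside for analysis; it does not by itself prove exploitation.
"""
import re
import struct
import zlib

# A TIFF file starts with a byte-order mark and the magic number 42:
# little-endian "II*\0" or big-endian "MM\0*".
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")

# Bodies of "stream ... endstream" objects.  The lookbehind stops the
# "stream" inside "endstream" from being read as the start of a new stream.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode_stream(body: bytes) -> bytes:
    """Inflate a /FlateDecode stream; return the body as-is if it is not zlib data."""
    try:
        return zlib.decompress(body)
    except zlib.error:
        return body


def find_embedded_tiffs(pdf_bytes: bytes) -> list:
    """Return (location, index) pairs for every TIFF header found.

    location is "raw" (header visible in the undecoded file; index is the
    byte offset) or "stream" (header inside decoded stream number index).
    """
    hits = []
    for magic in TIFF_MAGICS:
        for m in re.finditer(re.escape(magic), pdf_bytes):
            hits.append(("raw", m.start()))
    for idx, s in enumerate(STREAM_RE.finditer(pdf_bytes)):
        decoded = _decode_stream(s.group(1))
        if any(magic in decoded for magic in TIFF_MAGICS):
            hits.append(("stream", idx))
    return hits


def verdict(pdf_bytes: bytes) -> str:
    """Human-readable triage result for one PDF."""
    hits = find_embedded_tiffs(pdf_bytes)
    if not hits:
        return "clean: no TIFF data found"
    return "review: TIFF data found at " + ", ".join("%s:%d" % h for h in hits)


# --- constructed sample input (hypothetical files, not real malware) --------
def _tiny_tiff() -> bytes:
    """A minimal little-endian TIFF: header plus one IFD entry (ImageWidth=1)."""
    header = b"II*\x00" + struct.pack("<I", 8)      # magic + offset of first IFD
    ifd = struct.pack("<H", 1)                      # entry count
    ifd += struct.pack("<HHII", 256, 3, 1, 1)       # tag 256 ImageWidth, SHORT, 1, value 1
    ifd += struct.pack("<I", 0)                     # no next IFD
    return header + ifd


def _pdf_with_stream(body: bytes, compress: bool) -> bytes:
    """Wrap arbitrary bytes in a minimal PDF as an embedded-file stream."""
    data = zlib.compress(body) if compress else body
    filt = b"/Filter /FlateDecode " if compress else b""
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
        b"3 0 obj << /Type /EmbeddedFile " + filt + b"/Length %d >>\n" % len(data),
        b"stream\n", data, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


# Constructed samples: one PDF carrying a compressed TIFF, one carrying plain text.
SAMPLE_PDF_WITH_TIFF = _pdf_with_stream(_tiny_tiff(), compress=True)
SAMPLE_PDF_CLEAN = _pdf_with_stream(b"BT /F1 12 Tf (hello) Tj ET", compress=True)

if __name__ == "__main__":
    print(verdict(SAMPLE_PDF_WITH_TIFF))
    print(verdict(SAMPLE_PDF_CLEAN))
```

The check deliberately decodes streams before searching, because a TIFF compressed inside a FlateDecode stream leaves no visible header in the raw file. It only handles FlateDecode; other PDF filters (ASCIIHex, LZW, and so on) would need their own decoders, and a hit should feed a sandbox or analyst review rather than a blocking decision on its own.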

Further, the security experts say there is no concrete proof that the mail sent to foreign journalists had any link to the government. It is suggested, however, that the mail may be tied to the attacks that hit Google in January 2010 and targeted human rights activists.