We’ve come across a malicious Olympic themed PDF earlier this morning while data mining our back end for documents which drop executables (those are never a good thing, unsurprisingly).
The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at: london2012.com.
Click image to view a larger version.
The exploit attempts to make a network connection with a site registered to “student travel” in Baotoushi, China.
Takeaways: first, be wary of Olympic (and any other current event) themed e-mails that have attachments and/or links. Second, if you don’t already have the current version of Adobe Reader, you really should go get it now.
SHA1: 205d3df97ecafeceac5219a0ba7f5236da2caa49
Leave a reply
