NEWS FROM THE LAB - Monday, January 2, 2006

Targeted WMF email attacks
Posted by Mikko @ 12:17 GMT

Our colleagues and business partners at MessageLabs have stopped a very interesting WMF attack today.

A new WMF exploit file was spammed from South Korea to a targeted list of a few dozen high-profile email addresses.

The email urged recipients to open the enclosed MAP.WMF file - which exploited the computer and downloaded a backdoor from www.jerrynews[dot]com.

What makes the case really interesting is the cloak-and-dagger language used in the email, which was spoofed to appear to originate from the US State Department's security unit.

From: tommy@security.state.gov

Confidential,
Attached is the digital map for you. You should meet that man at those points seperately. Delete the map thereafter.
Good luck,
Tommy

Oh yeah? And should you get killed, we will disavow any knowledge of your actions. This tape will self-destruct in five seconds...