NEWS FROM THE LAB - Monday, November 8, 2010

Case Nobel

Posted by Mikko @ 15:04 GMT

A month ago, the Nobel Committee awarded the Nobel Peace Prize to Mr. Liu Xiaobo. He was awarded for — to quote the prize committee — long and non-violent struggle for fundamental human rights in China.


Two weeks ago, the website of the prize (nobelpeaceprize.org) was hacked with a zero-day attack against Firefox.

Today, the Contagio blog has explosive news.

A targeted attack was launched yesterday, the 7th of November. The attack used an e-mail that was spoofed to look like it originated from oslofreedomforum.com. It didn't.

The spoofed e-mail looked like this:


If the file invitation.pdf (md5: 29DB2FBA7975A16DBC4F3C9606432AB2) is opened, it uses an exploit to crash Adobe Reader and then drops a backdoor onto the system. The backdoor calls home to phile.3322.org.

To mask all that, this file is shown to the user:

[Image removed after a request from affected parties. The original image contained a very convincing invitation to the Nobel Peace Prize ceremony]

We don't know who launched the attack, or who the target was.

We detect the PDF file as Exploit.PDF-TTF.Gen and the backdoor as Trojan.Generic.4974556.
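
The two indicators named in this post, the attachment's MD5 and the call-home host, can be checked against stored mail and DNS query logs. The following is an added example, not code from the original post; the sample message, the DNS log lines with their four-field format, and the function names are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the post above.
IOC_MD5 = {"29db2fba7975a16dbc4f3c9606432ab2"}
IOC_HOSTS = {"phile.3322.org"}

def attachment_hits(raw_message, md5_iocs=IOC_MD5):
    """Return (filename, md5) for every MIME leaf part whose content matches."""
    wanted = {h.lower() for h in md5_iocs}
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also reaches nested/forwarded parts
        if part.is_multipart():
            continue
        digest = hashlib.md5(part.get_payload(decode=True) or b"").hexdigest()
        if digest in wanted:         # content match, so a renamed file still hits
            hits.append((part.get_filename(), digest))
    return hits

def dns_hits(log_lines, host_iocs=IOC_HOSTS):
    """Return (client, qname) for queries to an indicator host or a name under it."""
    wanted = {h.lower().rstrip(".") for h in host_iocs}
    hits = []
    for line in log_lines:
        fields = line.split()        # malformed lines yield an empty name below
        name = fields[2].lower().rstrip(".") if len(fields) >= 4 else ""
        if any(name == h or name.endswith("." + h) for h in wanted):
            hits.append((fields[1], fields[2]))
    return hits

def build_sample(payload, filename):  # constructed message, harmless payload
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.org"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application", subtype="pdf", filename=filename)
    return msg.as_bytes()

# Constructed DNS log lines: timestamp, client IP, query name, query type.
SAMPLE_DNS = [
    "2010-11-07T09:14:02Z 10.0.0.23 PHILE.3322.org. A",
    "2010-11-07T09:14:05Z 10.0.0.40 notphile.3322.org A",
    "2010-11-07T09:15:11Z 10.0.0.23 www.example.org A",
]

if __name__ == "__main__":
    print(attachment_hits(build_sample(b"%PDF-1.4 harmless", "invitation.pdf")))
    print(dns_hits(SAMPLE_DNS))
```

Matching on content hash rather than file name means a copy saved under a different name is still found, and the host comparison is label-aware, so `notphile.3322.org` does not match.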

E-mail image credit: Contagio Malware Dump