NEWS FROM THE LAB - Monday, May 28, 2012

Targeted Attack: London 2012 Olympics
Posted by Sean @ 11:26 GMT

We came across a malicious Olympic-themed PDF earlier this morning while data mining our back end for documents that drop executables (those are never a good thing, unsurprisingly).

The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at: london2012.com.

London 2012 Olympics Games daily competition schedule

The exploit attempts to make a network connection with a site registered to "student travel" in Baotoushi, China.


Takeaways: first, be wary of Olympic (and any other current event) themed e-mails that have attachments and/or links. Second, if you don't already have the current version of Adobe Reader, you really should go get it now.

SHA1: 205d3df97ecafeceac5219a0ba7f5236da2caa49