Poisoned PDF pill used to attack US military contractors

Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors. Booby-trapped PDF files, posing as messages from the US Department of Defense, were emailed to US defence contractors last week. The document refers to a real conference due to be held in Las Vegas in March. Opening the …

COMMENTS

This topic is closed for new posts.
  1. gollux
    Paris Hilton

    Javrobat..

    Better hurry up and upgrade to your new Acrobat Espionage Enabled Reader, 'cause we all like giving away secrets.

    Shh, don't tell Paris though... She doesn't want to be reminded about that stupid phone.

  2. John Smith 19 Gold badge
    Stop

    No problem provided they have the latest patches installed then

    Oh, we are talking US Government Con-tractors.

  3. Tom 7

    At last - a use for Pointless Document Format

    NT

  4. Flocke Kroes Silver badge

    Javascript again

    Yet another exploit that depends on javascript. Adding javascript to PDF was an outstandingly stupid idea. Plenty of PDF readers do not implement javascript. Just pick one not made by Adobe. The only content you will miss is malware.

  5. Neal 5

    Good work, John

    Good to see at last that someone finally recognizes that IE isn't the only attack vector available or in use by hackers.

    Having been pilloried for pointing out that fact in comments on other stories, it's a brave man who would make such a true statement.

    Of course, I expect to get massacred again, only for actually agreeing with a story, which doesn't contain purely anti Microsoft browser sputum.

  6. Big-nosed Pengie

    Could it be

    that this attack only works on one particular operating system?

    Enquiring minds want to know.

    1. Don Buchholz
      Black Helicopters

      CVE says Windows and MacOS-X vulnerable

      The F-Secure article links to CVE-2009-4324, which states both Windows and MacOS X systems are vulnerable.

  7. Ammaross Danan
    FAIL

    Of course....

    Of course, one would wonder who would open an attachment in an email that perhaps has spelling/grammar mistakes in line with "USA Department of Defence invite you too our Las Vegas show!" (see if you notice all of what's wrong in that statement) or other common spam-from-non-native-English-speakers issues.

  8. Mark 65

    Acrobat Reader

    Why? I mean, just why? I'm so glad that Preview on the Mac covers all this stuff and I used to use Foxit Reader on Windows. Can't understand anyone using that bloated puss from Adobe.

  9. Tom Ring

    And they just keep using MS products

    Moe Rons

  10. Mephistro
    Thumb Down

    Amazing

    I find it difficult to believe that 'U.S. military contractors' wouldn't use secure email accounts in their communications with their Government. Another proof of the excellent work F.B.I., N.S.A. et al. are doing protecting their country from terrorists, pedophiles, drug dealers and OMG, now spies.

    The USA is going to hell in a basket, and the only problem I have with that is that the rest of the western world is following the same path. :(

  11. Iggle Piggle

    Was it just me

    But this morning I woke up to find that four of the big names in IT recruitment had sent me nearly identical emails thanking me for my recent registration (I've not had need of their services for half a year now) and linking me to nearly identically named pdf files located in nearly identical folders on their servers.

    Each message has a subject of "A brief message from ***** : Ref No C??????" and then goes on to list PDF files in a folder called legal/FCN split up by geographic region.

    Perhaps I'm just getting paranoid.

  12. Alex-TheManfromUncle
    WTF?

    Heh "Avoid Detection"

    From the F-Secure article:

    "In order to avoid detection, it bypasses the local web proxy when doing this connection."

    So that'll mean it'll show up on the firewall then... Oh wait.. you mean it wasn't set up accordingly??

    Shirley, you can't be serious?

  13. Robert Carnegie Silver badge

    Whereas here

    My office is in the fifth great year of Adobe Reader 7.0.5. (Well... I'm not sure we got 7.0.5 when it first came out. But we've got it now.)

    Probably we couldn't run your exploits if we wanted to, and if hackers are sufficiently professional to shred their files after three years, I guess we're pretty safe.

  14. Tom 13
    Flame

    @Mephistro

    Um, using your secure email to connect to a non-secure email system violates security protocol. Therefore defense contractors tend to have at least two email accounts, one of which is not secure for general use. I say at least one, because they may work with multiple levels of security and the same rules apply for each increased level of security.

    Please, use your head for something other than a mobile hat rack.
