Cyber attack using PDFs targets industries

A new kind of targeted cyber attack against defense, chemical and technology industries is slipping into networks under the guise of PDF files, said cyber security experts.

FireEye Malware Intelligence Lab and Kaspersky Labs noted on Aug. 15 that the new malware has the makings of a targeted attack campaign against several high-value industries, including the defense, chemical, technology and aerospace industries, one that uses a Trojan program rigged to PDFs to deliver its payload. The MyAgent Trojan is primarily spreading through email as a zipped .exe file or PDF attachment, according to researchers writing on FireEye’s blog site.

FireEye researchers said they had been tracking malware they called “Trojan.MyAgent” for some time. The malware is currently using email as its primary vector of propagation, they said, and data from FireEye’s Malware Protection Cloud (MPC) indicated it was targeting the industries

“We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment,” said the researchers. The emails are disguised as PDF files that have been labeled “Health Insurance and Welfare Policy,” in some instances. Once the file is opened, the malware is unleashed, FireEye said. In addition to opening up a PDF file, the malware can also drop another executable called ABODE32.exe in the temp directory. The typo in ABODE32 is intentional, they said. Both the dropper and the dropped executables have decent detection on VirusTotal (VT).

FireEye noted the ‘ABODE32.exe’ executable accesses Windows Protected Storage, which holds the passwords for IE, Outlook, and other applications.

Once it gets a foothold on the infected system, the malware connects back to its command and control server, the user agent string and URI of which are hard-coded into MyAgent’s binary, said the group. In addition to this, FireEye said it noticed the malware loading different DLLs to communicate with its command and control. Despite MyAgent’s relatively high detection rate, said FireEye, its dynamic intermediary stages put the malware in the “advanced” category.
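The dropped ABODE32.exe described above suggests a simple hunting rule: flag executables written to a temp directory whose name is a near-miss of a trusted product name. The sketch below is an added example, not FireEye's or Kaspersky's code, and it generalizes from the one file name in the article to any near-miss name; the watch list, the temp-path markers and the sample events are all constructed assumptions.

```python
import ntpath
import re

# Assumed watch list of trusted name stems that droppers imitate (not from the article).
KNOWN_STEMS = ["adobe", "acrobat", "chrome", "svchost", "explorer"]
# Assumed path fragments that identify a Windows temp directory.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\local settings\\temp\\")


def osa_distance(a, b):
    """Optimal string alignment distance: single edits plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(path):
    """Return the imitated stem if path is a temp-dir .exe with a near-miss name."""
    lowered = path.lower()
    if not lowered.endswith(".exe") or not any(m in lowered for m in TEMP_MARKERS):
        return None
    stem = re.sub(r"\d+$", "", ntpath.basename(lowered)[:-4])  # "abode32" -> "abode"
    for known in KNOWN_STEMS:
        if 0 < osa_distance(stem, known) <= 2:  # exact names are left to other rules
            return known
    return None


# Constructed file-creation events (path only), not taken from any real host.
SAMPLE_EVENTS = [
    r"C:\Users\jdoe\AppData\Local\Temp\ABODE32.exe",
    r"C:\Users\jdoe\AppData\Local\Temp\setup_helper.exe",
    r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
    r"C:\Windows\Temp\adobe32.exe",
]


def scan(events):
    """Return (path, imitated_stem) for every event that matches the rule."""
    return [(p, hit) for p in events if (hit := lookalike_of(p))]
```

Only the first sample event is flagged: "abode" is two edits from "adobe", while a correctly spelled name in a temp directory is left to a separate rule.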

