We’ve come across a malicious Olympic themed PDF earlier this morning while data mining our back end for documents which drop executables (those are never a good thing, unsurprisingly).

The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at: london2012.com.

Click image to view a larger version.

The exploit attempts to make a network connection with a site registered to "student travel" in Baotoushi, China.

Takeaways: first, be wary of Olympic (and any other current event) themed e-mails that have attachments and/or links. Second, if you don’t already have the current version of Adobe Reader, you really should go get it now.

SHA1: 205d3df97ecafeceac5219a0ba7f5236da2caa49 On 28/05/12 At 11:26 AM


via Noobsters Forums http://www.noobsters.org/showthread.php?69300-Targeted-Attack-London-2012-Olympics&goto=newpost