Koreans are being targeted with memo malware

Data Jimmy Nicholls

09:05, July 28 2014


Symantec warns of trojan dropped through free car inspection offer.

Hackers are attacking a Korean organisation with malware disguised as an internal memo offering a free car inspection, according to security firm Symantec.

Once downloaded, the Baccamun trojan opens a backdoor on the infected machine, leaving the computer open to commands issued by the hacker as well as to malicious downloads.

Symantec said: "With a Word document in decent Korean, a marker string that can be translated to a Japanese word, and a Japanese word represented in Chinese GB character codes, it can be difficult to make a guess at who the attacker is.

"However, it is likely that the attacker or attacker group is operating somewhere in East Asia and possesses multilingual skills."

The malware connects to a dynamic DNS service that continually alters the domain name, preventing the hacker's location from being identified.

A Dropper trojan was also said to have been sent to the Korean organisation containing the same backdoor malware, disguised as an executable file named after a Japanese company.

Source: Company Press Release
