Koreans are being targeted with memo malware

by Jimmy Nicholls | 28 July 2014

Symantec warns of trojan dropped through free car inspection offer.

Hackers are attacking a Korean organisation with malware disguised as an internal memo offering a free car inspection, according to security firm Symantec.

Once downloaded, the Baccamun trojan opens a backdoor on the infected machine, leaving the computer vulnerable to commands issued by the hacker as well as malicious downloads.

Symantec said: "With a Word document in decent Korean, a marker string that can be translated to a Japanese word, and a Japanese word represented in Chinese GB character codes, it can be difficult to make a guess at who the attacker is.

"However, it is likely that the attacker or attacker group is operating somewhere in East Asia and possesses multilingual skills."

The malware connects to a dynamic DNS that continually alters the domain name, preventing the hacker's location from being identified.

A Dropper trojan was also said to have been sent to the Korean organisation containing the same backdoor malware, disguised as an executable file named after a Japanese company.
