A security researcher has recently reported that the ongoing attacks using malicious PDF files are the work of one of the most notorious Russian hacker groups, the Russian Business Network, or RBN.
According to Ken Dunham, iSight Partners Inc.'s director of response, members of the Russian Business Network are behind the recent attacks that use malware-armed PDF attachments. These malicious PDF files started to appear in users' email inboxes this Tuesday and have already succeeded in infecting Windows systems, which have been their initial targets.
This type of attack installs on the infected computer a pair of rootkit files that "sniff and steal financial and other valuable data", as Ken Dunham put it. Computers are easily infected because the Russian cybercriminals use PDF documents that look perfectly legitimate. The corrupted PDF files are sent in spam emails and arrive with filenames such as YOUR_BILL.pdf, BILL.pdf, STATEMENT.pdf or INVOICE.pdf.
The Russian hackers have exploited the "mailto:" protocol vulnerability disclosed by the U.K.-based security researcher Petko Petkov. The user only has to open the attacking PDF file: the Trojan called Pidief.a is launched and knocks out the Windows firewall, further malware is downloaded, and the computer is compromised. This is why this is a highly dangerous type of attack, and we should all be careful with PDF spam email.
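The two observable traits the report gives a defender are the billing-themed attachment names and the use of a mailto: URI inside the PDF. The following mail-gateway style triage check is an added example, not code from the article or from iSight; the sample PDF bytes are constructed here for illustration, and the helper names (inspect_attachment, should_quarantine) are this example's own. It flags an attachment when its name matches one of the reported lures, when the PDF carries a mailto: URI action, or when a .pdf extension hides a non-PDF file.

```python
import re

# Attachment names named in the report as the campaign's lures.
KNOWN_LURE_NAMES = {"your_bill.pdf", "bill.pdf", "statement.pdf", "invoice.pdf"}

# A PDF URI action whose target uses the mailto: scheme, written as
#   /S /URI /URI (mailto:...)
# Dictionary keys can appear in any order, so only the /URI value is matched.
MAILTO_URI = re.compile(rb"/URI\s*\(\s*mailto:[^)]*\)", re.IGNORECASE)


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return the list of reasons this attachment looks like the reported lure.

    An empty list means nothing in the name or the raw bytes matched.
    """
    reasons: list[str] = []
    name = filename.lower()
    is_pdf = data.startswith(b"%PDF-")

    if name in KNOWN_LURE_NAMES:
        reasons.append("filename matches known billing-themed lure")

    if name.endswith(".pdf") and not is_pdf:
        reasons.append("extension says PDF but header does not")

    if is_pdf and MAILTO_URI.search(data):
        reasons.append("PDF contains a mailto: URI action")

    # PDF 1.5+ may pack object dictionaries into compressed object streams;
    # a plain byte scan cannot see inside them, so a clean scan is not proof.
    if is_pdf and b"/ObjStm" in data:
        reasons.append("object streams present; decompress before trusting a clean scan")

    return reasons


def should_quarantine(reasons: list[str]) -> bool:
    """Hold the message when a mailto: action is present or two signals agree."""
    if any("mailto" in r for r in reasons):
        return True
    return len(reasons) >= 2


# Constructed sample: a minimal PDF whose only action is a mailto: URI.
SAMPLE_MALICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /URI /URI (mailto:billing@example.invalid) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: a minimal PDF with no actions at all.
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    for fname, blob in (("INVOICE.pdf", SAMPLE_MALICIOUS), ("report.pdf", SAMPLE_BENIGN)):
        found = inspect_attachment(fname, blob)
        print(fname, "quarantine" if should_quarantine(found) else "deliver", found)
```

The byte scan is deliberately conservative: it reports what it can see and separately tells the operator when object streams mean it could not see everything, rather than returning a silent "clean".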