A Targeted Attack Against The Syrian Ministry of Foreign Affairs
Several days ago, a number of leaked documents from the “Syrian Ministry of Foreign Affairs” were published on “Par:AnoIA”, a new WikiLeaks-style site managed by the Anonymous collective.
One of our users notified us of a suspicious document in the archive which is detected by our anti-malware products as Exploit.JS.Pdfka.ffw. He was also kind enough to send us a copy of the e-mail for analysis.
We’ve checked the e-mail, which contains a PDF file with an exploit (CVE-2010-0188, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188). It is a typical spear-phishing attack: