Targeted Attack: London 2012 Olympics

We came across a malicious Olympic-themed PDF earlier this morning while data mining our back end for documents that drop executables (those are never a good thing, unsurprisingly).

The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at:

London 2012 Olympics Games daily competition schedule

The exploit attempts to make a network connection with a site registered to “student travel” in Baotoushi, China.

Takeaways: first, be wary of Olympic-themed (or any other current-event-themed) e-mails that have attachments and/or links. Second, if you don’t already have the current version of Adobe Reader, you really should go get it now.

SHA1: 205d3df97ecafeceac5219a0ba7f5236da2caa49
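
For defenders who want to hunt for this kind of document in their own mail or file stores, here is a triage sketch, added as an example and not the tooling used for the post: it hashes a PDF, compares the result with the SHA1 above, and looks for a Windows PE image in the raw bytes and inside Flate-compressed streams. It assumes an unencoded payload and only handles FlateDecode; the helper names and the sample inputs are constructed for illustration.

```python
import hashlib
import re
import zlib

KNOWN_BAD_SHA1 = "205d3df97ecafeceac5219a0ba7f5236da2caa49"  # SHA1 from the post
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def looks_like_pe(buf):
    """True if buf holds an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    pos = buf.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(buf):
            e_lfanew = int.from_bytes(buf[pos + 0x3C:pos + 0x40], "little")
            if buf[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                return True
        pos = buf.find(b"MZ", pos + 1)
    return False

def triage_pdf(data):
    """Hash one PDF's bytes and look for PE images, raw and inside Flate streams."""
    sha1 = hashlib.sha1(data).hexdigest()
    hits = []
    for index, match in enumerate(STREAM_RE.finditer(data)):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            decoded = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw scan below still covers it
        if looks_like_pe(decoded):
            hits.append(index)
    return {"sha1": sha1, "known_bad": sha1 == KNOWN_BAD_SHA1,
            "pe_in_raw": looks_like_pe(data), "pe_in_streams": hits}

def fake_pe():
    """Constructed 68-byte stub: MZ header, e_lfanew = 0x40, then the PE signature."""
    return b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"

def fake_pdf(payload):
    """Constructed PDF-like sample with a single FlateDecode stream."""
    body = zlib.compress(payload)
    head = b"%%PDF-1.4\n1 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
    return head + body + b"\nendstream\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(triage_pdf(fake_pdf(fake_pe())))                   # dropper-like sample
    print(triage_pdf(fake_pdf(b"London 2012 schedule")))     # clean decoy-like sample
```

A hit in pe_in_streams or pe_in_raw is a reason to send the file for full analysis; the absence of a hit proves nothing, since payloads are often encoded or stored under other filters.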

On 28/05/12 At 11:26 AM
