Cybercriminals exploit Kim Jong Il's death

Published December 21, 2011 7:48pm

Neither gloating nor mourning the death of North Korean leader Kim Jong Il, cybercriminals have started taking advantage of his demise to make a quick buck at computer users’ expense.

Computer security firm Trend Micro said spam messages with email subjects mentioning the death of Kim Jong Il have started reaching victims’ inboxes.

“The messages arrive with a .PDF attachment that has the file name ‘brief_introduction_of_kim-jong-il.pdf.pdf.’ The said file is of course malicious and is detected as TROJ_PIDIEF.EGQ,” it warned in a blog post.

It said the Trojan, once opened, opens a non-malicious PDF file to trick the user into thinking that it is a normal file. The PDF contains a picture of Kim Jong Il.

But another more malicious version has an attachment disguised as a Word document, with the filename “Kim_Jong_il___s_death_affects_N._Korea___s_nuclear_programs.doc.”

The second variant, detected as TROJ_ARTIEF, drops another file into the system - BKDR_PCCLIEN.BQD – which in turn connects to its command-and-control (C&C) server through port 8000.

“Under such circumstances, people are advised to stick to trusted sources when trying to get more information about noteworthy events,” Trend Micro said.

Not first time

Trend Micro said the North Korean leader was not the first political figure to be exploited by such cyberattacks. Other political figures whose “deaths” were similarly exploited include: