\'I told you i used to be il\': malicious spam namechecks dead North Korean leader

Spam messages with i used to be was detected with subject lines relating the death of Kim Jong-il.

According to Trend Micro, a few of the messages arrive with a .PDF attachment that has the file name ‘brief_introduction_of_kim-jong-il.pdf.pdf'; the attachment contains the malicious file TROJ_PIDIEF.EGQ.

Michael Casayuran, anti-spam research engineer at Trend Micro, said TROJ_PIDIEF.EGQ opens a non-malicious PDF file, which includes an image of Jong-il and a brief biography of the previous North Korean leader.

“Aside from this actual spam attack, we've also encountered malicious documents that bear file names mentioning Kim Jong-il. Probably the most files we saw is a Word document and has a file name on the topic of North Korea's nuclear programmes and is detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, detected as BKDR_PCCLIEN.BQD. This connects to its command and control server through port 8000,” said Casayuran.

“Here at TrendLabs, the death of a globally known person has become an automated trigger for us to peer for attacks attempting to taking advantage that allows you to protect our customers who're attempting to seek additional information. Such events generate global interest in a totally short period of time, so that they make marvelous social engineering lures.”