\'I told you i used to be il\': malicious spam namechecks dead North Relating

Spam messages with malicious attachments has been detected with subject lines regarding the death of Kim Jong-il.

According to Trend Micro, one of the vital messages arrive with a .PDF attachment that has the file name ‘brief_introduction_of_kim-jong-il.pdf.pdf'; the attachment contains the malicious file TROJ_PIDIEF.EGQ.

Michael Casayuran, anti-spam research engineer at Trend Micro, said TROJ_PIDIEF.EGQ opens a non-malicious PDF file, which includes an image of Jong-il and a quick biography of the previous North Korean leader.

“Aside from this actual spam attack, we've also encountered malicious documents that bear file names mentioning Kim Jong-il. Among the many files we saw is a Word document and has a file name on the subject of North Korea's nuclear programmes and is detected as TROJ_ARTIEF.AEB. This file, when opened, drops another file into the system, detected as BKDR_PCCLIEN.BQD. This connects to its command and control server through port 8000,” said Casayuran.

“Here at TrendLabs, the death of a globally known person has become an automated trigger for us to appear for attacks looking to taking advantage with a purpose to protect our customers who're seeking to search for additional information. Such events generate global interest in a extremely short period of time, so that they make marvelous social engineering lures.”