Thursday, February 21, 2013

Mandiant APT2 PDF Malware

That didn't take long at all.

http://blog.9bplus.com/mandiant-apt2-report-lure

https://threatpost.com/en_us/blogs/spear-phishing-campaigns-use-fake-mandiant-apt1-report-lure-022113

http://www.symantec.com/connect/blogs/malicious-mandiant-report-circulation

So, I got a notification from corporate security that there was a piece of malware around that is taking advantage of the popularity of Mandiant's APT1 report.  That's a huge deal, but one should really be checking downloads against Mandiant's posted MD5s anyways.

Bottom-line:  do not open it (verify the PDF if you can...if you can't, don't open it).

I've reported it to ISC.

