13 Nov '13, 3am

G20 Summit documents used as bait for RATs (Remote Access Trojans)

An email masquerades as having been sent on behalf of a G20 representative. The ‘building blocks’ mentioned are the theme of multiple documents, which discuss the UK government’s feedback on a series of building blocks to address development, anti-corruption, and employment. Attached to the email is a RAR archive containing five files, two of which masquerade as different file types: one of the documents is actually an executable, and the .msg file is actually a .lnk file. When the victim tries to open the .msg file, it runs both the malicious executable and one of the non-malicious documents, so the victim is shown a non-malicious document. What is interesting about these documents is that each of them has track changes enabled and contains the reported comments from the UK called out in the original e-mail. The malicious executable that runs...

Full article: http://justinlee.sg/2013/09/19/g20-summit-documents-used-...
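A triage check for the masquerading described above, as an added example that is not from the original article: it compares each extracted file's leading bytes with the type its name claims and flags shortcuts or executables hiding behind document names. The file names and sample bytes are constructed for illustration; only the Shell Link, PE and OLE header signatures are real.

```python
import struct
from pathlib import Path

# Shell Link header: HeaderSize 0x4C, then LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file (.doc, Outlook .msg)
# Content type each extension should have
EXPECTED = {".doc": "ole", ".msg": "ole", ".pdf": "pdf", ".lnk": "lnk", ".exe": "pe"}

def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(b"%PDF"):
        return "pdf"
    return "unknown"

def audit(files: dict) -> list:
    """Return (name, reason, actual_type) for each file whose name lies."""
    findings = []
    for name, data in files.items():
        suffixes = [s.lower() for s in Path(name).suffixes]
        claimed = suffixes[-1] if suffixes else ""
        actual = sniff(data)
        # Explorer hides .lnk, so "x.msg.lnk" is displayed as "x.msg"
        if len(suffixes) >= 2 and claimed in (".lnk", ".exe") and suffixes[-2] in EXPECTED:
            findings.append((name, "double-extension", actual))
        elif claimed in EXPECTED and actual != EXPECTED[claimed]:
            findings.append((name, "type-mismatch", actual))
    return findings

# Constructed sample: five files shaped like the archive described above (names are made up)
PE_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE = {
    "blocks_development.doc": OLE_MAGIC + b"\0" * 16,
    "blocks_anticorruption.doc": OLE_MAGIC + b"\0" * 16,
    "blocks_employment.doc": OLE_MAGIC + b"\0" * 16,
    "uk_comments.pdf": PE_STUB,                   # executable behind a document name
    "g20_feedback.msg": LNK_MAGIC + b"\0" * 56,   # shortcut behind a .msg name
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against a directory extracted in an isolated analysis environment, the same `audit` function takes a mapping of file name to the first few hundred bytes of each file.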