Watch Out for flower-show.org

We saw a pretty PDF file today (md5: 116d92f036f68d325068f3c7bbf1d535).

It looks like this:



Nice flowers.

Unfortunately, when viewing the file, it uses an exploit against Adobe Reader and drops and runs a file called 1.exe.

This executable is a Poison Ivy backdoor. It calls home to a host called cecon.flower-show.org. Whoever controls the computer at that address gains remote access to the target computer. The PDF was used in a targeted espionage attack against an unknown target.

We've seen the domain flower-show.org before, back in 2009. Back then, another PDF called home to posere.flower-show.org.



Today, both of those host names resolve to 202.150.213.12, which is not in China. It's in Singapore.
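Because the host name changed between the two PDFs while the domain stayed the same, a log search should match the whole domain on a label boundary and also pivot on the resolved address. The sketch below is an added example, not part of the original post; the log line format, client addresses and every host name other than the two named above are constructed for illustration.

```python
import ipaddress

# Indicators taken from the post; the IP is a point-in-time observation.
WATCH_DOMAIN = "flower-show.org"
WATCH_IP = ipaddress.ip_address("202.150.213.12")

def normalize(qname):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return qname.strip().lower().rstrip(".")

def in_watch_domain(qname):
    """True for the domain itself or any host under it, on a label boundary."""
    name = normalize(qname)
    return name == WATCH_DOMAIN or name.endswith("." + WATCH_DOMAIN)

def find_hits(lines):
    """Return (client, qname, reason) for each line matching an indicator."""
    # Assumed (constructed) format: <timestamp> <client_ip> <qname> <answer_ip or ->
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        _, client, qname, answer = parts
        reasons = []
        if in_watch_domain(qname):
            reasons.append("domain")
        try:
            if ipaddress.ip_address(answer) == WATCH_IP:
                reasons.append("ip")
        except ValueError:
            pass  # "-" or a non-IP answer
        if reasons:
            hits.append((client, normalize(qname), "+".join(reasons)))
    return hits

# Constructed sample log; client addresses and extra host names are made up.
SAMPLE_LOG = [
    "2010-08-02T14:01:07 10.0.0.21 cecon.flower-show.org 202.150.213.12",
    "2010-08-02T14:02:11 10.0.0.34 POSERE.Flower-Show.org. 202.150.213.12",
    "2010-08-02T14:03:40 10.0.0.50 www.notflower-show.org 192.0.2.10",
    "2010-08-02T14:04:02 10.0.0.50 flower-show.org.example.com 192.0.2.11",
    "2010-08-02T14:05:19 10.0.0.77 other-host.example.net 202.150.213.12",
    "2010-08-02T14:06:00 10.0.0.21 new.flower-show.org -",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit tagged only `ip` is a different name resolving to the same address and is worth a closer look; a hit tagged only `domain` is a host under the domain that did not return that address.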





On 08/02/10 At 02:54 PM


Copyright © 2010 The Security Blog. All rights reserved.