We got reports for a massive scam sent to colombian users claiming to be from one of the two credit score agencies in Colombia. The agency is called Datacredito, affiliated to experian. The following e-mail was received:
This e-mail poses as an alert for a false negative report to the credit agency. It comes with an attached PDF with the following information:
The file does not show malicious payload when scanned by antimalware software. However, this file has a PDF structure. Ater using PDFStreamDumper for reviewing, the following interesting information appeared:
This PDF has malicious scripting, which instructs the reader to download and execute the URL shown in the previous URL. After downloading the file shown in that URL, which is live at this time, a keylogger is downloaded.
Malicious PDFs are still a problem. If you want to avoid falling into one of this scams, please remember the following:
- Have the last version of acrobat reader installed in your computer
- Do not open attachments from unknown sources
- Do not enable scripting in your acrobat reader configuration. Keep it turned off.
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.edu
Creative Commons Attribution-Noncommercial 3.0 United States License.