Red Condor Detects Sophisticated One-Two Punch Malware Campaign

Red Condor issued a warning of a new, sophisticated email malware threat that spoofs YouTube and uses a redirect on a compromised website to a common Canadian Pharmacy website to distribute malicious PDFs via drive-by download. The pharmacy page is actually a red herring that has distracted many security researchers from the true motive of these campaigns: a stealthy drive-by download. A single click is enough to infect a user's computer.

The malware, which as of the morning of June 9, 2010 had not been detected by any anti-virus engine, comes in the form of a malicious PDF download. Red Condor has captured 10 versions of the malicious PDF, which likely exploits vulnerabilities in Adobe Acrobat. The campaign appears to be part of a much larger attack first detected by Red Condor several weeks ago (see the Red Condor blog entry of April 23, 2010) and has also recently spoofed Facebook and Twitter, among other popular brands. While unsuspecting users wait for what they believe is a YouTube or Twitter friend request, a greeting card, or even a Facebook login page to load, their browsers download and execute the malicious code, and only then does the Canadian Pharmacy page appear.
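As an added illustration (not part of Red Condor's release or tooling), the detection logic below reconstructs the chain described above from web-proxy logs: a redirect served by a first-hop host, a PDF delivered during that redirect, and a visible landing page on a different host. The log format, the hostnames in the sample lines and the 30-second window are assumptions.

```python
"""Flag the 'one-two punch' chain in proxy logs: redirect -> PDF -> decoy page."""
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

WINDOW_SECONDS = 30  # assumption: the whole chain completes within half a minute

# Constructed sample log (not captured traffic). Fields, space-separated:
# timestamp client status content-type url referer
SAMPLE_LOG = """\
2010-06-09T09:01:00 10.0.0.5 302 text/html http://compromised.example/video?id=1 http://mail.example/inbox
2010-06-09T09:01:01 10.0.0.5 200 application/pdf http://compromised.example/dl/1.pdf http://compromised.example/video?id=1
2010-06-09T09:01:02 10.0.0.5 200 text/html http://pharmacy.example/ http://compromised.example/video?id=1
2010-06-09T09:05:00 10.0.0.7 200 text/html http://www.youtube.com/watch?v=abc http://mail.example/inbox
"""

def parse_log(text):
    """Turn each non-empty line into a dict with a parsed timestamp and int status."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, status, ctype, url, referer = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "client": client,
                       "status": int(status), "ctype": ctype,
                       "url": url, "referer": referer})
    return events

def host(url):
    return urlparse(url).netloc.lower()

def find_drive_by_chains(events):
    """Return one finding per client whose traffic matches the three-step pattern."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    findings = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            if not 300 <= first["status"] < 400:      # step 1: redirect on first hop
                continue
            hop = host(first["url"])
            window = [e for e in evs[i + 1:]
                      if (e["ts"] - first["ts"]).total_seconds() <= WINDOW_SECONDS]
            pdfs = [e for e in window                  # step 2: PDF attributed to that hop
                    if e["ctype"] == "application/pdf" and host(e["referer"]) == hop]
            decoys = [e for e in window                # step 3: visible page elsewhere
                      if e["status"] == 200 and e["ctype"].startswith("text/html")
                      and host(e["url"]) != hop]
            if pdfs and decoys:
                findings.append({"client": client, "redirect": first["url"],
                                 "pdf": pdfs[0]["url"], "landing": decoys[0]["url"]})
    return findings
```

A plain click-through to a brand's real site (the second client in the sample) produces no finding, because no redirect, PDF and off-host decoy page occur together.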
