{"id":79,"date":"2010-06-09T09:57:08","date_gmt":"2010-06-09T14:57:08","guid":{"rendered":"http:\/\/www.wilsonpr.com\/?p=79"},"modified":"2010-07-21T10:00:38","modified_gmt":"2010-07-21T15:00:38","slug":"red-condor-detects-sophisticated-one-two-punch-malware-campaign","status":"publish","type":"post","link":"https:\/\/www.wilsonpr.com\/?p=79","title":{"rendered":"Red Condor Detects Sophisticated One-Two Punch Malware Campaign"},"content":{"rendered":"

\"\"<\/a>Red Condor<\/a> issued a warning of a new sophisticated email malware threat that spoofs YouTube and uses a redirect on a compromised website to a common Canadian Pharmacy web site to distribute malicious PDFs via drive-by download. The pharmacy page is actually a red herring that has distracted many security researchers from the true motive of these campaigns, a stealth drive-by download. With a single click, users can infect their computers.<\/p>\n

The malware, which as of the morning of June 9, 2010 had not been detected by any anti-virus engines, comes in the form of a malicious PDF download. Red Condor has captured 10 versions of the malicious PDF, which likely exploits vulnerabilities in Adobe Acrobat. The campaign appears to be part of a much larger attack first detected by Red Condor several weeks ago (see Red Condor blog entry April 23, 2010<\/a>) and has also recently spoofed Facebook and Twitter, among other popular brands.\u00a0As unsuspecting users wait for what they believe is a YouTube or Twitter friend request, a greeting card, or even a Facebook login page to load, their browsers download and execute the malicious code, and then the Canadian Pharmacy page appears.<\/p>\n

Click here<\/a> to read the entire release.<\/p>\n","protected":false},"excerpt":{"rendered":"

Red Condor issued a warning of a new sophisticated email malware threat that spoofs YouTube and uses a redirect on a compromised website to a common Canadian Pharmacy web site to distribute malicious PDFs via drive-by download. The pharmacy page is actually a red herring that has distracted many security researchers from the true motive […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[23,24,4],"_links":{"self":[{"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/posts\/79"}],"collection":[{"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=79"}],"version-history":[{"count":2,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/posts\/79\/revisions"}],"predecessor-version":[{"id":83,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=\/wp\/v2\/posts\/79\/revisions\/83"}],"wp:attachment":[{"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=79"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=79"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wilsonpr.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}