Middle East Respiratory Syndrome, or MERS, has claimed 32 lives in a recent outbreak. Hackers are reportedly exploiting people's health concerns via a spear phishing attack.
Researchers at Trend Micro found that a Japanese mass media company was targeted by the scam, an email whose attachment claimed to provide information about the prevention of MERS. In reality, it was delivering a backdoor program. The attachment came in the form of a CHM file, a format used to deliver software documentation as simply organised HTML pages. A CHM file can also download resources from online locations. In this case the CHM file tried to install ZXShell, a backdoor that would give attackers access to run commands on the victim's system.
CHM files are reportedly becoming more common as a means of spreading threats or performing targeted attacks, because such a file appears legitimate right up until the point it actually runs. Experts also say that it can bypass Windows security measures.
Some commentators fear that this case is part of a cyber-espionage campaign, since there was no clear financial motive behind the attacks.
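A mail-gateway style check for the delivery method described above, as an added example that is not from Trend Micro or the original article: it flags CHM attachments by their `ITSF` file signature as well as by extension, so a renamed file is still caught. The sample messages, addresses and filenames are constructed, and the function and helper names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a Compiled HTML Help file


def find_chm_attachments(raw_message: bytes):
    """Return (filename, reason) for every message part that looks like a CHM file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches parts nested in inner multiparts
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body text, not an attachment
        name = name or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        by_content = payload.startswith(CHM_MAGIC)
        by_name = name.lower().endswith(".chm")
        if by_content and by_name:
            findings.append((name, "chm extension and ITSF header"))
        elif by_content:
            findings.append((name, "ITSF header under a different extension"))
        elif by_name:
            findings.append((name, "chm extension without ITSF header"))
    return findings


def build_sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 88  # constructed header only
    for fname, data in [("mers_prevention.chm", fake_chm),
                        ("guide.pdf", fake_chm),
                        ("report.pdf", b"%PDF-1.4\n")]:
        print(fname, find_chm_attachments(build_sample(fname, data)))
```

A gateway would typically quarantine any hit, since help files are rarely a legitimate email attachment.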
http://news.softpedia.com/news/backdoor-delivered-to-japanese-media-company-in-mers-themed-spear-phishing-485613.shtml