Channel: BOT24

Malicious Mandiant Report in Circulation


The report APT1: Exposing One of China's Cyber Espionage Units, published by Mandiant earlier this week, has drawn worldwide attention from both the security world and the general public. This interest stems from the conclusion the report draws regarding the origin of targeted attacks, using advanced persistent threats (APT), performed by a certain group of attackers dubbed the Comment Crew. You can read Symantec’s response to the report here.

Today, Symantec discovered that someone performing targeted attacks is using the report as bait in an attempt to infect those who might be interested in reading it. The email we have come across is in Japanese, but this does not mean there are no emails in other languages spreading in the wild. The email purports to be from someone in the media recommending the report. As you can see in Figure 1, the attachment is made to look like the actual report by using a PDF file with the name of the company as the file name. However, as in many targeted attacks, the email is sent from a free email account and the content of the email uses subpar language. It is obvious to a typical Japanese person reading the email that it was not written by a native speaker.

When the fake report, which Symantec detects as Trojan.Pidief, is opened, a blank PDF is shown, but in the background exploit code for the Adobe Acrobat and Reader Remote Code Execution Vulnerability (CVE-2013-0641) is executed.

Read more: http://www.symantec.com/connect/blogs/malicious-mandiant-report-circulation
