Just got a phone call. Had to remove an image from my last blog post: http://bit.ly/c1S94U Sorry if you missed it.
Of course, I just had to click through to see what was removed and why. Mikko's post deals with the evolution of a Firefox zero-day found on the Nobel Peace Prize website in late October. This time around, attackers are exploiting interest in the Peace Prize via an Adobe Reader/Acrobat exploit (CVE-2010-2883. The exploit is contained in a PDF attachment carried by the email, which masquerades as an invite to the Nobel Prize ceremony.
The removed image that Mikko referenced in his Twitter post was the red herring file displayed when a victim opened the PDF. Curiosity seekers can still see a copy of the decoy in this Contagio blog. Basically, it's a very convincing-looking invitation to "celebrate human rights and the universal message of Liu Xiaobo".
Mary Landesman is an antivirus professional and senior security researcher for ScanSafe, now part of Cisco. In 2009 she was awarded a Microsoft MVP for her work in consumer security.