TROJ_PIDIEF.BVS
October 08, 2012
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Once this malware successfully exploits one of the vulnerabilities listed under Technical Details, it performs certain actions on the affected system.
TECHNICAL DETAILS
File Size: Varies
File Type: PDF
Memory Resident: No
Initial Samples Received Date: 11 Nov 2009
Payload: Downloads files
Download Routine
This Trojan takes advantage of the following software vulnerabilities to download possibly malicious files:
- Adobe Multiple Products PDF JavaScript Method Buffer Overflow
- Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
- Adobe Reader And Acrobat util.printf Stack Buffer Overflow
After successfully exploiting any of the said vulnerabilities, this malware connects to the following URLs to possibly download other malicious files:
- http://{BLOCKED}3.com/ajopqw2.exe
- http://{BLOCKED}3.com/click.php?rs
Other Details
Once this malware successfully exploits one of the said vulnerabilities, it performs the following action on the affected system:
- Executes the downloaded files