PDF trojan exploits Adobe flaw

Posted by   Virus Bulletin on   Oct 24, 2007

Reader/Acrobat vulnerability targeted day after patch release.

A vulnerability in Adobe's popular PDF-viewing software Adobe Reader and editing suite Acrobat, first reported a month ago, was patched on Monday in an update released two weeks after the company issued a workaround to minimise exposure. The following day, PDFs containing exploits for the vulnerability were seen being spammed out in targeted attacks on businesses.

The spams contain PDF documents posing as bills or invoices, and once run, the trojan code (dubbed 'Trojan.Pidief.A' by Symantec and 'EXPL_Pidief.B' by Trend Micro) accesses vulnerable systems, disables the Windows firewall and downloads further trojans to complete the system penetration.

The vulnerability is thought only to affect users of Windows XP and Internet Explorer 7. Readers are advised to apply the update, available from Adobe here, and ensure all software including anti-virus is kept fully up to date and patched. More details on the attack are on the Symantec blog here.

Posted on 24 October 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Throwback Thursday: Giving the EICAR test file some teeth

The 68-byte EICAR test file plays as important a role today as it did 19 years ago. In this week's Throwback Thursday we look back at a VB99 conference paper in which Randy Abrams described how this 'miracle tool' worked and how it could be used.

XMRig used in new macOS cryptominer

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.

Tendency for DDoS attacks to become less volumetric fits in a wider trend

CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.

Turkish Twitter users targeted with mobile FinFisher spyware

Through fake social media accounts, users were tricked into installing an Android application that was actually a mobile version of the FinFisher spyware.

Hide'n'Seek IoT botnet adds persistence

The Hide'n'Seek IoT botnet has received an update to make its infection persist on infected devices beyond a restart.