Exploit-PDF.ag
- Type: Trojan
- SubType: Exploit
- Discovery Date: 12/15/2009
- Length: Varies
- Minimum DAT: 5834 (12/16/2009)
- Updated DAT: 6309 (04/07/2011)
- Minimum Engine: 5.4.00
- Description Added: 12/15/2009
- Description Modified: 05/17/2011 12:48 AM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
-- Update December 16, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/12/15/adobe_zero_day/
--
These maliciously crafted PDF files exploit a vulnerability in Adobe Reader (CVE-2009-4324).
More information from the vendor at:
When successful, recent variants drop and execute a malicious downloader currently detected as Generic Downloader.fg.
This downloads more malware from the following domain:
- foruminspace.com
The malware currently downloaded from this domain is detected as Generic Dropper.og.
Symptoms
- Unexpected network connections from Adobe Reader.
- In some cases, Adobe Reader crashes or terminates abnormally.
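The first symptom above (Adobe Reader making network connections, in this case to the domain the description names) is something a defender can check for in proxy or endpoint network logs. The following is an added example, not part of the McAfee description: it triages constructed log lines and ranks a Reader process contacting foruminspace.com highest, any process contacting that domain next, and other Reader network activity as worth a look. The log format and the Reader executable names (`AcroRd32.exe`, `Acrobat.exe`) are assumptions; the only value taken from the page is the domain.

```python
# Added example (not from the McAfee description): triage proxy-style log lines
# for the symptom "unexpected network connections from Adobe Reader" and the
# download domain listed in the description. Log format and process names are
# assumptions; only the domain foruminspace.com comes from the page.
import re
from typing import Dict, Iterable, List

# Domain named in the threat description
KNOWN_BAD_DOMAINS = {"foruminspace.com"}

# Assumed Adobe Reader / Acrobat image names (not taken from the page)
READER_PROCESSES = {"acrord32.exe", "acrobat.exe"}

# Constructed sample log: "<timestamp> host=<workstation> proc=<image> dst=<fqdn>"
SAMPLE_LOG = """\
2009-12-16T09:01:12Z host=ws01 proc=iexplore.exe dst=www.example.com
2009-12-16T09:02:45Z host=ws01 proc=AcroRd32.exe dst=foruminspace.com
2009-12-16T09:02:47Z host=ws02 proc=AcroRd32.exe dst=armupdate.example.net
2009-12-16T09:03:01Z host=ws03 proc=outlook.exe dst=www.foruminspace.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+)$"
)


def _matches_domain(fqdn: str, domains: Iterable[str]) -> bool:
    """True if fqdn equals or is a subdomain of any listed domain (case-insensitive,
    trailing dot tolerated). A plain substring check would also match
    'notforuminspace.com', so the suffix test is anchored on a dot."""
    fqdn = fqdn.lower().rstrip(".")
    return any(fqdn == d or fqdn.endswith("." + d) for d in domains)


def triage_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that deserves attention, in log order.

    severity:
      high   - a Reader process reached a known bad domain (matches the description)
      medium - some other process reached a known bad domain
      low    - a Reader process reached any other host (Reader normally has little
               reason to talk to the network; review against expected update hosts)
    """
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        rec = m.groupdict()
        bad_domain = _matches_domain(rec["dst"], KNOWN_BAD_DOMAINS)
        from_reader = rec["proc"].lower() in READER_PROCESSES
        if bad_domain and from_reader:
            severity = "high"
        elif bad_domain:
            severity = "medium"
        elif from_reader:
            severity = "low"
        else:
            continue
        findings.append({**rec, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ts']} {f['host']} {f['proc']} -> {f['dst']}")
```

On the constructed sample this yields three findings: the Reader connection to foruminspace.com (high), the Reader connection to an unrelated host (low), and an Outlook connection to a subdomain of foruminspace.com (medium). Adapting it to a real environment means replacing the regex with the proxy or EDR export format and extending the domain set from the vendor's current description.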
Method of Infection
These maliciously crafted PDF files exploit a vulnerability in Adobe Reader 9.2 or older.
Removal
All Users:
Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:
1. Disable System Restore (Windows ME/XP only).
2. Update to the current engine and DAT files for detection and removal.
3. Run a complete system scan.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.
Variants
N/A
Overview
This detection covers maliciously crafted PDF files which attempt to exploit a vulnerability in Adobe Reader.