Exploit-PDF.ag
- Type: Trojan
- SubType: Exploit
- Discovery Date: 12/15/2009
- Length: Varies
- Minimum DAT: 5834 (12/16/2009)
- Updated DAT: 6039 (07/10/2010)
- Minimum Engine: 5.3.00
- Description Added: 12/15/2009
- Description Modified: 12/15/2009 10:07 PM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
-- Update December 16, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/12/15/adobe_zero_day/
--
These maliciously crafted PDF files exploit a vulnerability in Adobe Reader (CVE-2009-4324).
More information from the vendor at:
When successful, a recent variant drops and executes a malicious downloader currently detected as Generic Downloader.fg.
This downloads more malware from the following domain:
- foruminspace.com
The currently downloaded malware is detected as Generic Dropper.og.
Symptoms
- Unexpected network connections from Adobe Reader.
- In some cases, Adobe Reader crashes or terminates abnormally.
Method of Infection
These maliciously crafted PDF files exploit a vulnerability in Adobe Reader 9.2 or older.
Removal
AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
N/A
Overview
This detection covers maliciously crafted PDF files that attempt to exploit a vulnerability in Adobe Reader.