Exploit-PDF.ag

Content

Exploit-PDF.ag

Type: Trojan
SubType: Exploit
Discovery Date: 12/15/2009
Length: Varies
Minimum DAT: 5834 (12/16/2009)
Updated DAT: 6039 (07/10/2010)
Minimum Engine: 5.3.00
Description Added: 12/15/2009
Description Modified: 12/15/2009 10:07 PM (PT)

Risk Assessment

Corporate User: Low-Profiled
Home User: Low-Profiled

Tab Navigation

Characteristics

-- Update December 16, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/12/15/adobe_zero_day/

These maliciously crafted PDF files exploits a vulnerability in Adobe Reader (CVE-2009-4324).

More information from the vendor at:

http://www.adobe.com/support/security/advisories/apsa09-07.html

When successful, recent variant drops and execute a malicious downloader currently detected as Generic Downloader.fg.

This downloads more malware from the following domain:

foruminspace.com

Currently downloaded malware is detected as Generic Dropper.og.

Symptoms

Unexpected network connections from the Adobe Reader.
In some cases, Adobe Reader crashes or terminates abnormally.

Method of Infection

These maliciously crafted PDF files exploits a vulnerability in Adobe Reader 9.2 or older.

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

N/A

All Information

Overview -

This detection covers maliciously crafted PDF files which attempts to exploit a vulnerability in Adobe Reader.

Characteristics

Characteristics -

-- Update December 16, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2009/12/15/adobe_zero_day/

These maliciously crafted PDF files exploits a vulnerability in Adobe Reader (CVE-2009-4324).

More information from the vendor at:

http://www.adobe.com/support/security/advisories/apsa09-07.html

When successful, recent variant drops and execute a malicious downloader currently detected as Generic Downloader.fg.

This downloads more malware from the following domain:

foruminspace.com

Currently downloaded malware is detected as Generic Dropper.og.

Symptoms

Symptoms -

Unexpected network connections from the Adobe Reader.
In some cases, Adobe Reader crashes or terminates abnormally.

Method of Infection

Method of Infection -

These maliciously crafted PDF files exploits a vulnerability in Adobe Reader 9.2 or older.

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A

McAfee > Theat Center > Virus Detail Page

Navigation

Utility Navigation

Content

Exploit-PDF.ag

Type

SubType

Discovery Date

Length

Minimum DAT

Updated DAT

Minimum Engine

Description Added

Description Modified

Risk Assessment

Tab Navigation

Overview

Characteristics

Symptoms

Method of Infection

Removal

Variants

Variants

All Information

Overview -

Characteristics

Characteristics -

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

Variants

Variants -

Threat Resources

Footer