There are no obvious symptoms until the malware manages to infiltrate the system. This can happen when opening a crafted PDF file and the javascript code inside the file is executed.
Exploit:Win32/Pidief.D; Exploit:W32/AdobeReader.QQ
This is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's Javascript engine in order to execute malicious code on user's computer. The exploitation mainly involves the following two functions:
util.printf() - if an attacker sends a string long enough to generate a
stack-based buffer overflow he will then be able to
execute arbitrary code on user's computer with the
same level privileges as the user who opened the PDF
file
Collab.colectEmailInfo() - a stack-based buffer overflow can be
caused by passing a string long enough (at least 44952
characters) as a parameter in the msg field of this
function.
The Javascript function containing the actual exploit is specified in the OpenAction tag of the PDF file. Usually this function is encoded using zlib. After decompression sometimes the script is still obscured through one or more layers of encoding in order to avoid detection and make analysis more difficult. The javascript code inside the PDF file is used to download and execute other malware on user's computer.
Keep updated the sofware installed on your computer.
Please let BitDefender delete the infected files.
Download BitDefener now
No comments:
Post a Comment