Detected: Dec 14 2010 11:42 GMT
Released: Dec 14 2010 17:42 GMT
Published: Sep 08 2011 12:00 GMT
An exploit that uses vulnerabilities in Adobe Reader and Acrobat to run on the user's computer. The file is a PDF document containing an XFA (XML Forms Architecture) form that stores malicious shellcode. File size: 2655 bytes.
The malicious PDF document contains a compressed data stream which is unpacked as an XFA form when the document is opened. The trojan exploits a buffer overflow caused by incorrect argument handling in "libtiff.dll" (CVE-2010-0188) to download a file from the following link:
http://on***al.me/smoke//drop.php?e=Adobe-90-2010-0188
The trojan then saves the file in the working directory under the following name:
%WorkDir%\update.exe
Once the file has been saved, the downloaded file is launched for execution. The link did not work at the time the description was written. The trojan also creates a binary file containing malicious shellcode in the working directory:
%WorkDir%\Version
This file is given the "Hidden" attribute. Vulnerable products include Adobe Reader and Acrobat 8 (up to version 8.2.1) and 9 (up to version 9.3.1).
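As an added triage example (not part of this description and not Kaspersky's own tooling), the following Python script looks at a PDF the way a defender would check for the structure described above: it walks the document's streams, inflates FlateDecode data, looks for an XFA form, extracts base64 image data embedded in the form, and checks whether that data is a TIFF whose directory entries point past the end of the file. The PDF and TIFF samples are constructed inline, the XDP markup is simplified, and the structural checks are generic sanity heuristics rather than a signature for this particular sample.

```python
import base64
import re
import struct
import zlib

# Byte size of each TIFF field type (TIFF 6.0 types 1-12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# <image ...>BASE64</image> elements inside an XFA form; whitespace inside base64 is tolerated.
IMAGE_RE = re.compile(rb"<image[^>]*>([A-Za-z0-9+/=\s]+)</image>", re.S)
XFA_MARKERS = (b"<xdp:xdp", b"<xfa:", b"<template")


def build_sample_tiff(malformed=False):
    """Constructed little-endian TIFF with a single IFD (not real sample data)."""
    entries = [(256, 3, 1, 1), (257, 3, 1, 1)]  # ImageWidth=1, ImageLength=1, inline SHORTs
    if malformed:
        # StripOffsets claiming 100000 SHORT values at offset 8: far beyond the end of the file.
        entries.append((273, 3, 100000, 8))
    ifd = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        ifd += struct.pack("<HHII", tag, typ, count, value)
    ifd += struct.pack("<I", 0)  # no next IFD
    return b"II" + struct.pack("<HI", 42, 8) + ifd


def parse_tiff(blob):
    """Parse IFD0 of a TIFF and flag entries whose data cannot fit inside the file."""
    result = {"valid": False, "entries": [], "issues": []}
    if len(blob) < 8 or blob[:2] not in (b"II", b"MM"):
        return result
    fmt = "<" if blob[:2] == b"II" else ">"
    magic, ifd = struct.unpack(fmt + "HI", blob[2:8])
    if magic != 42:
        return result
    result["valid"] = True
    if ifd + 2 > len(blob):
        result["issues"].append("IFD0 offset lies beyond end of file")
        return result
    (n,) = struct.unpack(fmt + "H", blob[ifd:ifd + 2])
    if ifd + 2 + 12 * n > len(blob):
        result["issues"].append(f"IFD0 declares {n} entries but the file is truncated")
        n = (len(blob) - ifd - 2) // 12
    for i in range(n):
        off = ifd + 2 + 12 * i
        tag, typ, count, raw = struct.unpack(fmt + "HHII", blob[off:off + 12])
        result["entries"].append((tag, typ, count))
        if typ not in TYPE_SIZES:
            result["issues"].append(f"tag {tag}: unknown field type {typ}")
            continue
        size = TYPE_SIZES[typ] * count
        # Values larger than 4 bytes are stored at offset 'raw' and must fit in the file.
        if size > 4 and raw + size > len(blob):
            result["issues"].append(f"tag {tag}: {count} values of type {typ} extend past end of file")
    return result


def decode_stream(raw):
    """Inflate a FlateDecode stream; fall back to the raw bytes for other filters."""
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return raw


def build_sample_pdf(tiff):
    """Constructed minimal PDF: catalog with /XFA plus one deflated XDP stream embedding 'tiff'."""
    xml = (b'<?xml version="1.0"?><xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
           b'<template><subform><field><ui><imageEdit/></ui><value>'
           b'<image contentType="image/tiff">' + base64.b64encode(tiff) +
           b'</image></value></field></subform></template></xdp:xdp>')
    packed = zlib.compress(xml)
    return (b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /AcroForm << /XFA 2 0 R >> >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + packed + b"\nendstream\nendobj\n%%EOF\n")


def scan_pdf(pdf):
    """Report XFA presence, embedded TIFF images and TIFF structure problems."""
    report = {"xfa": b"/XFA" in pdf, "tiff_images": 0, "issues": []}
    for m in STREAM_RE.finditer(pdf):
        body = decode_stream(m.group(1))
        if any(marker in body for marker in XFA_MARKERS):
            report["xfa"] = True
        for img in IMAGE_RE.finditer(body):
            try:
                blob = base64.b64decode(img.group(1))
            except ValueError:
                continue
            info = parse_tiff(blob)
            if info["valid"]:
                report["tiff_images"] += 1
                report["issues"].extend(info["issues"])
    # An XFA form carrying TIFF data is the combination this description ties to
    # CVE-2010-0188 (libtiff.dll); on its own it is a triage hint, not proof of exploitation.
    report["xfa_with_tiff"] = report["xfa"] and report["tiff_images"] > 0
    return report


if __name__ == "__main__":
    for label, flag in (("well-formed", False), ("malformed", True)):
        print(label, scan_pdf(build_sample_pdf(build_sample_tiff(malformed=flag))))
```

Run stand-alone, the script prints one report per constructed sample; the malformed variant is reported with an issue on tag 273 because its declared value block cannot fit in the file. In practice the same scanner would be pointed at quarantined PDFs, and any hit on `xfa_with_tiff` on a machine running Reader or Acrobat 8.x below 8.2.1 or 9.x below 9.3.1 should be escalated for closer analysis.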
If your computer has not been protected with anti-virus software and has been infected with this malware, take the following actions to remove it:
%Temporary Internet Files%
Exploits are programs containing data or executable code that take advantage of one or more vulnerabilities in software running on a local or remote computer, for clearly malicious purposes.
Malicious users often employ an exploit to penetrate a victim computer in order to install malicious code afterwards (for example, to infect all visitors to a compromised website with a malicious program). Exploits are also commonly used by Net-Worms to compromise a victim computer without any action being required from the user.
Nuker programs are a notable class of exploits: they send specially crafted requests to local or remote computers, causing the system to crash.