|Detected||Jul 08 2011 10:27 GMT|
|Released||Jul 08 2011 13:01 GMT|
|Published||Sep 19 2011 09:10 GMT|
An exploit that uses the vulnerabilities in Adobe – Reader and Acrobat products for its implementation on the user's computer. The file is an XFA (XML Forms Architecture) containing malicious Java Script. 48016 bytes.
The malicious XFA form content is initialized and launched after opening a specially created infected PDF document containing this form. As the "initialize" event handler in the XFA form, it uses obfuscated malicious Java Script. After removing the obfuscation, the trojan uses the vulnerability which arises on account of over-filling the buffer when incorrectly processing arguments in "libtiff.dll" (CVE-2010-0188) to download the file located at the following link:
http://qh***kbqfds.com/d.php?f=26&e=6The trojan then saves the file in the current user's temporary file directory under the following name:
%Temp%\file.dllAfter successfully saving the file, the trojan uses the command line to try and run the malicious library:
regsvr32 –s %Temp%\file.dllThe link did not work when creating the description. Vulnerable products include Adobe Reader and Acrobat 8 (up to version 8.2.1) and 9 (up to version 9.3.1).
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
MD5: 890b7b95360097e7aeffe11baa02bafa SHA1: 7c2ce30fb474111da909d2c712ca717e01d69b2d
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.