
Exploit.JS.Pdfka.agu

Detected Oct 15 2009 07:06 GMT
Released Oct 15 2009 12:05 GMT
Published Dec 20 2010 13:59 GMT


Technical Details

This exploit abuses vulnerabilities in Adobe Reader and Adobe Acrobat to execute code on the victim machine. It is a PDF document that carries embedded JavaScript. It is 17,524 bytes in size.


Payload

The malicious PDF document contains a compressed data stream that is unpacked when the document is opened and yields an obfuscated JavaScript routine. Once the script has deobfuscated itself, it attempts to exploit vulnerabilities in Adobe Reader and Adobe Acrobat versions earlier than 9.1, 8.1.4 and 7.1.1: the util.printf buffer overflow (CVE-2008-2992), the Collab.getIcon buffer overflow (CVE-2009-0927) and the Collab.collectEmailInfo buffer overflow (CVE-2007-5659). Carrying several exploits in one document lets it succeed against more than one Reader version. If any of them succeeds, the resulting shellcode downloads a file from the Internet at the following link:

http://www.el***tr.com/dm/load.php?e=2

At the time of analysis, this file could not be downloaded.
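The following triage script is an added example written for this page; it is not part of the original description and not code from the sample itself. It shows how an analyst would check a PDF for the traits described above: it walks the indirect objects, resolves hex-escaped names (a common trick for hiding /JS and /FlateDecode), inflates FlateDecode streams using the /Length entry, and then looks for the abused JavaScript API names together with typical obfuscation patterns (a %u-encoded string passed to unescape(), eval(), a heap-spray doubling loop). The PDF it scans is constructed inline with a harmless decoy script (NOP-only "shellcode"); the regular expressions, the indicator names and the pairing of Collab.collectEmailInfo with CVE-2007-5659 are the editor's own choices, not the page's.

```python
import re
import zlib

# Adobe Reader JavaScript API methods abused by this family, mapped to CVEs.
# The collectEmailInfo <-> CVE-2007-5659 pairing is the editor's addition.
ABUSED_APIS = {
    b"util.printf": "CVE-2008-2992",
    b"Collab.getIcon": "CVE-2009-0927",
    b"Collab.collectEmailInfo": "CVE-2007-5659",
}

# Hallmarks of obfuscated exploit JavaScript in PDFs: %u-encoded shellcode passed
# to unescape(), eval() of an assembled string, and a heap-spray doubling loop.
OBFUSCATION = {
    "unescape_shellcode": re.compile(rb"unescape\s*\(\s*['\"]%u[0-9a-fA-F]{4}"),
    "eval": re.compile(rb"\beval\s*\("),
    "heap_spray_loop": re.compile(rb"while\s*\(\s*\w+\.length\s*<\s*0x[0-9a-fA-F]+\s*\)"),
}

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_START_RE = re.compile(rb"\bstream\r?\n")
# Direct /Length only; "/Length 4 0 R" (an indirect reference) is deliberately not matched.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9a-fA-F]{2})")


def _unescape_names(dictionary: bytes) -> bytes:
    """Resolve PDF name hex escapes (/J#53 -> /JS) that malware uses to hide keywords."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), dictionary)


def iter_objects(pdf: bytes):
    """Yield (object number, normalised dictionary, decoded stream or None) per indirect object."""
    for m in OBJ_RE.finditer(pdf):
        objnum, body = int(m.group(1)), m.group(2)
        s = STREAM_START_RE.search(body)
        if s is None:
            yield objnum, _unescape_names(body), None
            continue
        dictionary = _unescape_names(body[: s.start()])
        start = s.end()
        length = LENGTH_RE.search(dictionary)
        if length:
            data = body[start : start + int(length.group(1))]
        else:  # no usable /Length: fall back to the endstream keyword
            end = body.find(b"endstream", start)
            data = body[start : end if end != -1 else None].rstrip(b"\r\n")
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # truncated/corrupt stream: keep the raw bytes so the scan still sees them
        yield objnum, dictionary, data


def scan_pdf(pdf: bytes) -> dict:
    """Triage a PDF: list JavaScript-carrying objects, abused API calls and obfuscation hints."""
    report = {"javascript_objects": [], "apis": {}, "obfuscation": set()}
    for objnum, dictionary, data in iter_objects(pdf):
        if b"/JavaScript" in dictionary or b"/JS" in dictionary:
            report["javascript_objects"].append(objnum)
        for blob in (dictionary, data or b""):
            for api, cve in ABUSED_APIS.items():
                if api in blob:
                    report["apis"][api.decode()] = cve
            for name, pattern in OBFUSCATION.items():
                if pattern.search(blob):
                    report["obfuscation"].add(name)
    report["obfuscation"] = sorted(report["obfuscation"])
    return report


def build_sample_pdf(js: bytes) -> bytes:
    """Constructed test input: a minimal PDF whose /OpenAction runs a Flate-compressed JS
    stream, with the telltale names hex-escaped the way obfuscated samples do it."""
    compressed = zlib.compress(js)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /S /#4Aava#53cript /J#53 4 0 R >>",  # /S /JavaScript /JS, hex-escaped
        b"<< /Length %d /Filter /Fl#61teDecode >>\nstream\n" % len(compressed)
        + compressed + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objects, 1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed decoy script: NOP-only "shellcode", a spray loop and the three API calls.
SAMPLE_JS = (
    b'var sc = unescape("%u9090%u9090%u9090%u9090");\n'
    b"var spray = sc;\n"
    b"while (spray.length < 0x10000) spray += spray;\n"
    b"try { Collab.getIcon(spray); } catch (e) {}\n"
    b'try { util.printf("%45000.45000f", 0); } catch (e) {}\n'
    b"try { Collab.collectEmailInfo({ msg: spray }); } catch (e) {}\n"
)

if __name__ == "__main__":
    print(scan_pdf(build_sample_pdf(SAMPLE_JS)))
```

Run the file as-is and it reports object 3 as the JavaScript carrier, all three abused APIs with their CVEs, and the unescape/heap-spray patterns from the decoded stream. Against a real sample, run it on the file from disk; a hit on any ABUSED_APIS entry in a document that has no business calling the Collab or util objects is enough to quarantine it, and a stream whose /Length is wrong or whose Flate data fails to inflate is itself a reason to look closer.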


Removal instructions

If your computer does not have an up-to-date antivirus product, or has no antivirus at all, follow the instructions below to delete the malicious program:

  1. Delete the original exploit file (its location depends on how the document reached the victim machine).
  2. Install the following security patches:
    http://www.adobe.com/support/security/bulletins/apsb09-04.html
    http://www.adobe.com/support/security/bulletins/apsb09-06.html
    http://www.adobe.com/support/security/bulletins/apsb08-13.html
    http://www.adobe.com/support/security/advisories/apsa09-07.html
  3. Empty the Temporary Internet Files folder, which may contain infected files.
  4. Update your antivirus databases and perform a full scan of the computer.

Deleting the PDF removes only the exploit: if it ran successfully, the file it downloaded may already be on the machine, which is why the full scan in step 4 should not be skipped.


Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.

Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.

Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.



Aliases

Exploit.JS.Pdfka.agu (Kaspersky Lab) is also known as:

  • Trojan: Exploit-PDF.q.gen (McAfee)
  • Troj/PDFEx-BP (Sophos)
  • Mal/JSBO-Gen (Sophos)
  • Exploit.PDF-2274 (ClamAV)
  • PDF/Pidief.T (FPROT)
  • Exploit:Win32/Pdfjsc.BH (MS(OneCare))
  • Exploit:Win32/Pdfjsc.BI (MS(OneCare))
  • Exploit.PDF.609 (DrWeb)
  • Exploit.JavaScript.21 (DrWeb)
  • Trojan.Script.244179 (BitDef7)
  • JS:Pdfka-NS [Expl] (AVAST)
  • Exploit.JS.Pdfka (Ikarus)
  • Downloader (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Hack.Exploit.Script.JS.Bucode.k (Rising)
  • Exploit.JS.Pdfka.agu [AVP] (FSecure)
  • JS_PIDIEF.SMLE (TrendMicro)
  • Exploit.PDF-JS.Gen (v) (Sunbelt)