|Detected||Aug 17 2010 17:57 GMT|
|Released||Aug 18 2010 04:09 GMT|
|Published||Apr 05 2011 12:27 GMT|
This exploit program uses vulnerabilities in Adobe Reader and in Adobe Acrobat. It is a PDF document containing Java Script scenarios. It is 3727 bytes in size.
The malicious PDF document contains a compressed data stream, which unpacks when the document is opened and consists of obfuscated Java Script scenarios. Once the script is decrypted, the exploit program uses a vulnerability, which arises when calling the util.printd(), Doc.media.newPlayer (CVE-2009-4324) methods and downloads a file from the Internet from the following link:
http://dru***rma.com/x/loadpdf.php?ids=AMPlayerPDFThe downloaded file is saved in the current user's temporary files directory "%Temp%" as
%Temp%\e.exeThe downloaded file is then launched for execution.
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.