Hackers abuse flaw in PDF files to spread viruses

Posted on Thursday, October 25 2007 @ 10:01 CEST by Thomas De Maesschalck
Symantec reports a new vulnerability in PDF files is abused to spread trojans:
One day later, we have discovered a new Trojan named Trojan.Pidief.A that actually exploits this vulnerability to compromise an unpatched computer. So far we have seen a fair number of emails containing this new Trojan in the wild. It is likely that Trojan.Pidief.A has been spammed out in targeted attacks on specific business organizations.

The Trojan will most likely arrive through email with a subject such as "invoice", "statement" or "bill" of some description, and just containing the .pdf file. So far we have seen the following file names used:

- INVOICE.pdf
- YOUR_BILL.pdf
- BILL.pdf
- STATEMET.pdf

The emails are using the following subject lines (note the misspellings):

- INVOICE alacrity
- INVOICE depredate

If the .pdf file is opened and the vulnerability exploited, it will run code that will download an executable named ldr.exe.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments