Home / malware Exploit:Win32/Pidief.A
First posted on 07 March 2009.
Source: SecurityHomeAliases :
Exploit:Win32/Pidief.A is also known as Also Known As:APSA09-01 (other), CVE-2009-0658 (other), TA09-051A (other), VU905281 (other), Mal/JSShell-B (Sophos), Bloodhound.PDF.8 (Symantec).
Explanation :
Exploit:Win32/Pidief.A is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.
Symptoms
There are no common symptoms associated with this threat. This exploit is activated when opening malicious PDF documents on vulnerable computers. Alert notifications from installed antivirus software may be the only symptom(s).
Exploit:Win32/Pidief.A is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.
Installation
This exploit may be introduced into the system by viewing or opening a malicious PDF document hosted on a Web site or attached to an e-mail message. Opening the malicious PDF document in an unprotected environment could activate the exploit code on vulnerable systems.
Payload
Downloads MalwareMalicious PDF documents contain an obfuscated JavaScript that when executed, triggers a buffer overflow in Adobe Acrobat. In the wild, exploits have been observed to decrypt and drop the following files: %TEMP%svchost.exe - Trojan:Win32/Redosdru.A%TEMP% emp.exe - Trojan:Win32/Redosdru.B<system folder><random characters>.dll - Trojan:Win32/Redosdru.E The above mentioned malware attempts to download other malware using HTTP protocol from the domain '3322.org'.
Analysis by Vitaly ZaytsevLast update 07 March 2009
