SecurityHome.eu Trojan:Win32/Pdfphish.A

Home / malware PDF

Trojan:Win32/Pdfphish.A

First posted on 15 February 2012.
Source: Microsoft
Aliases :
There are no other names known for Trojan:Win32/Pdfphish.A.
Explanation :
Trojan:Win32/Pdfphish.A is a PDF file with a malformed hyperlink that links to other malware.

Top

Trojan:Win32/Pdfphish.A is a PDF file with a malformed hyperlink that links to other malware.

Installation

This trojan commonly arrives as a file attached to spam email messages with a forged "from" email address. The following is an example of the PDF file content and malicious link:

Payload

Downloads other malware
When the malicious PDF file is opened and the embedded hyperlink is visited, it will link to malware hosted on a remote server. In the wild, the hyperlink was linked to malware detected as PWS:Win32/Zbot.gen!R and PWS:Win32/Zbot.gen!U.

Analysis by Rodel Finones

Last update 15 February 2012

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Family:

Trojan:Win32/Pdfphish.BU
Trojan:Win32/Pdfphish.A