Exploit:Win32/Pdfjsc.YF
First posted on 24 October 2019.
Source: Microsoft
Aliases:
Exploit:Win32/Pdfjsc.YF is also known as PDF/Exploit.ACN, Exploit.PDF-JS.BL, Exploit.Win32.Pdfjsc, Exploit.JS.Pdfka.ffs, Troj/PDFEx-ET.
Explanation:
Exploit:Win32/Pdfjsc.YF is a specially crafted Portable Document Format (PDF) file that exploits a vulnerability in Adobe Acrobat and Adobe Reader discussed in the following articles:
CVE-2010-0188
APSB10-07
Exploit:Win32/Pdfjsc.YF has been observed to be hosted on the following servers:
eatingforbetterlife.net inn ts.info mo uslik.ru
Exploit:Win32/Pdfjsc.YF contains JavaScript and is part of the "Blackhole" exploit kit. When executed, it checks which version of Adobe Acrobat or Adobe Reader is running on the affected computer. If the computer is running a vulnerable version of the software, Exploit:Win32/Pdfjsc.YF connects to the same servers that it may be hosted on and attempts to download and execute certain files. A downloaded file may be named "wpbt0.dll", which is then loaded with the following command:
regsvr32 -s wpbt0.dll
The servers are unavailable as of this writing.
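A defender-side triage of the load step described above, as an added example that is not part of the original write-up: it scans process-creation events for silent regsvr32 registration of wpbt0.dll, or for a silent regsvr32 launched by a PDF reader. The event field names, the reader image names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

PAGE_DLL = "wpbt0.dll"  # file name given in the write-up
READER_PARENTS = {"acrord32.exe", "acrobat.exe"}  # assumption: reader image names
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted or bare command-line tokens

def parse_regsvr32(command_line):
    """Return (silent, dll_basenames) for a regsvr32 command line, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(command_line) if t.strip('"')]
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("regsvr32", "regsvr32.exe"):
        return None
    silent, dlls = False, []
    for tok in tokens[1:]:
        if tok[0] in "-/":  # regsvr32 accepts both switch prefixes
            silent = silent or tok[1:].lower() == "s"
        else:
            dlls.append(ntpath.basename(tok).lower())
    return silent, dlls

def triage(event):
    """Return the reasons a process-creation event deserves review."""
    parsed = parse_regsvr32(event["command_line"])
    if parsed is None:
        return []
    silent, dlls = parsed
    reasons = []
    if silent and PAGE_DLL in dlls:
        reasons.append("silent registration of wpbt0.dll")
    if silent and ntpath.basename(event["parent_image"]).lower() in READER_PARENTS:
        reasons.append("silent regsvr32 spawned by a PDF reader")
    return reasons

def scan(events):
    """Return (index, reasons) for every event with at least one reason."""
    return [(i, r) for i, r in ((i, triage(e)) for i, e in enumerate(events)) if r]

# Constructed sample events (hypothetical field names: parent_image, command_line).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
     "command_line": "regsvr32 -s wpbt0.dll"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\regsvr32.exe" /S "C:\Users\a\AppData\Local\Temp\WPBT0.DLL"'},
    {"parent_image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\codec.dll"'},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

The file-name rule is specific to this sample, while the parent-process rule also catches the same load step under a different DLL name.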
Analysis by Horea Coroiu
Last update 24 October 2019