Signature Detail
Sid 2090727071
Summary Exploit-PDF.t [McAfee] is also known as Exploit:Win32/Pdfheap.A [Microsoft], Trojan.Pidief.G [Symantec] and Exploit.SWF.Agent.bs [Kaspersky]. This malware exploits a remote code execution vulnerability (CVE-2009-1862) in the Flash playback component (authplay.dll) shipped with Adobe Reader and Acrobat 9.0 - 9.1.2, and in Adobe Flash Player 9.0 - 9.0.159.0 and 10.0 - 10.0.22.87. The attack vectors are a PDF document carrying embedded Flash (SWF) content or a standalone SWF file.
Impact Exploit-PDF.t is an exploit for CVE-2009-1862, present in Adobe Reader and Acrobat 9.x prior to 9.1.3 and in Flash Player prior to 9.0.246.0 (9.x branch) and 10.0.32.18 (10.x branch). The vulnerability stems from insufficient validation of the instructions in embedded Flash content when a PDF file includes multiple Flash streams. Successful exploitation drops a Trojan, which in turn installs a rootkit and a backdoor on the infected system. The rootkit hides the malware's presence, while the backdoor makes covert connections to predefined remote servers, sends system information and waits for commands. The transport is HTTP, but the data is encrypted with a custom cipher, so content inspection of the beacon traffic alone will not reveal what is exfiltrated.
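The delivery vector described above is a PDF that embeds one or more SWF streams. The following is an added triage heuristic, not Cyberoam's signature logic and not Adobe's code: it walks the raw `stream ... endstream` blocks of a PDF, inflates FlateDecode data, counts streams whose payload begins with an SWF magic (FWS/CWS/ZWS), and counts `/RichMedia` and `/Subtype /Flash` dictionary keys. The sample PDF it builds is constructed inline for the demonstration and contains only a dummy SWF header, not an exploit.

```python
"""
Heuristic scanner for PDFs carrying embedded Flash (SWF) content.
Added example for this page; not the signature's own detection logic.
"""
import re
import zlib

# Raw stream matcher: adequate for triage, not a full PDF parser
# (a stream whose bytes contain b"\nendstream" would be truncated).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Dictionary keys that mark Flash content in a PDF (Adobe Extension Level 3 / ISO 32000).
RICHMEDIA_RE = re.compile(rb"/RichMedia\b")
FLASH_SUBTYPE_RE = re.compile(rb"/Subtype\s*/Flash\b")
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib-compressed, LZMA-compressed SWF


def _inflate(data: bytes) -> bytes:
    """Return the FlateDecoded content, or the raw bytes if the stream is not zlib data."""
    try:
        # decompressobj tolerates a truncated trailer, which a raw regex split can produce
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data


def scan_pdf_bytes(pdf: bytes) -> dict:
    """Count embedded SWF streams and Flash-related dictionary keys in a PDF blob."""
    swf_streams = 0
    for m in STREAM_RE.finditer(pdf):
        body = _inflate(m.group(1))
        if body[:3] in SWF_MAGICS:
            swf_streams += 1
    return {
        "swf_streams": swf_streams,
        "richmedia_dicts": len(RICHMEDIA_RE.findall(pdf)),
        "flash_subtype": len(FLASH_SUBTYPE_RE.findall(pdf)),
    }


def is_suspicious(report: dict) -> bool:
    """Any embedded SWF is worth a look; several SWF streams in one PDF is a stronger signal."""
    return report["swf_streams"] >= 1 or report["flash_subtype"] >= 1


def build_sample_pdf(swf_count: int = 2) -> bytes:
    """Constructed minimal PDF with `swf_count` FlateDecoded SWF streams (dummy content, not an exploit)."""
    # Fake uncompressed SWF: magic, version 9, 4-byte little-endian length, zero padding.
    swf = b"FWS" + bytes([9]) + (32).to_bytes(4, "little") + b"\x00" * 24
    objs = [b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"]
    for i in range(swf_count):
        payload = zlib.compress(swf)
        objs.append(
            b"%d 0 obj\n<< /Type /EmbeddedFile /Subtype /Flash /Filter /FlateDecode /Length %d >>\nstream\n"
            % (i + 2, len(payload))
            + payload
            + b"\nendstream\nendobj\n"
        )
    objs.append(b"%d 0 obj\n<< /Type /Annot /Subtype /RichMedia >>\nendobj\n" % (swf_count + 2))
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    report = scan_pdf_bytes(build_sample_pdf())
    print(report, "suspicious" if is_suspicious(report) else "clean")
```

The scanner deliberately ignores `/Length` and object structure so that it still fires on malformed PDFs, which exploit documents often are; a production filter would pair it with a real PDF parser and also look at SWF content (for example, the version byte and whether the file is compressed) rather than only the header magic.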
Detailed Information See Summary and Impact above for the vendor aliases (McAfee, Microsoft, Symantec, Kaspersky), the affected Adobe Reader, Acrobat and Flash Player versions, and the dropped payload. Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
Affected Systems Microsoft -- Windows -- All Versions (hosts running the vulnerable Adobe Reader, Acrobat or Flash Player builds listed above)
Attack Scenarios A victim opens a crafted PDF containing embedded Flash content, or views a crafted SWF file; the vulnerability is triggered during Flash rendering and the resulting code execution drops the Trojan described above. Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862
Ease of Attack NA
False Positives Not Known
False Negatives Not Known
Corrective Action Configure your security devices to detect and block this malware. Update Adobe Reader and Acrobat to 9.1.3 or later and Flash Player to 9.0.246.0 (9.x) or 10.0.32.18 (10.x) or later, as released in Adobe security bulletin APSB09-10. Where the update cannot be applied immediately, Adobe's interim workaround was to delete or rename authplay.dll in the Reader/Acrobat installation so that embedded Flash content is not rendered.
Contributors Cyberoam Threat Research Labs
Additional References http://www.symantec.com/security_response/writeup.jsp?docid=2009-072209-2512-99&tabid=1