Trojan that targets Adobe

Trend Micro, provider of virus protection software, has identified a Trojan that targets Adobe Reader and Acrobat by dropping a backdoor onto computers using JavaScript. The Trojan is called 'Troj_Pidief.Uo' and comes in a PDF file containing JavaScript-based malware, 'Js_Agent.Dt', and then drops a backdoor called 'Bkdr_Protux.Bd', according to Trend Micro's blog post.
"Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file before extracting and executing the backdoor. The backdoor is also embedded in the PDF file and not the usual file downloaded from the web," according to the blog posting by Trend Micro.
According to CNET, the blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary code in a technique known as 'heap spraying.' This exploit will affect Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003.
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro. Both Microsoft and Adobe have announced that they will launch an update to fix the problem before it causes any serious damage.
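For defenders triaging PDF attachments of the kind described above (JavaScript carried inside the PDF), the following static check is an added example, not code from Trend Micro or from this thread. It counts script and auto-run names, including hex-escaped ones, and long `%uXXXX` runs inside Flate-compressed streams; the function names, the eight-escape threshold and the sample document are assumptions made for illustration.

```python
import re
import zlib

# PDF names that matter here: script actions and the triggers that auto-run them.
SCRIPT_NAMES = ("/JS", "/JavaScript")
AUTORUN_NAMES = ("/OpenAction", "/AA")
# Eight or more consecutive %uXXXX escapes (assumed threshold): typical input to
# unescape() when JavaScript builds large binary strings to fill the heap.
ESCAPE_RUN = re.compile(rb"(?:%u[0-9A-Fa-f]{4}){8,}")

def decode_names(data: bytes) -> bytes:
    """Undo #XX hex escapes, so /J#61vaScript is counted as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> list:
    """Return the decoded body of every stream that inflates as zlib (FlateDecode)."""
    bodies = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.DOTALL):
        try:
            # decompressobj ignores the end-of-line bytes left before 'endstream'
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or uncompressed: the raw bytes are scanned anyway
    return bodies

def count(names, data: bytes) -> int:
    return sum(len(re.findall(re.escape(n.encode()) + rb"\b", data)) for n in names)

def triage_pdf(data: bytes) -> dict:
    """Static triage only: counts indicators, never executes anything."""
    names = decode_names(data)
    report = {
        "script": count(SCRIPT_NAMES, names),
        "autorun": count(AUTORUN_NAMES, names),
        "escape_runs": sum(len(ESCAPE_RUN.findall(b)) for b in [data] + inflate_streams(data)),
    }
    report["suspicious"] = report["script"] > 0 and (
        report["autorun"] > 0 or report["escape_runs"] > 0)
    return report

def sample_pdf() -> bytes:
    """Constructed, inert input: obfuscated name, auto-run action, padded string."""
    js = b'var s = unescape("' + b"%u4141" * 16 + b'");'
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(js) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(sample_pdf()))
```

A hit is a reason to route the file to sandboxing or deeper analysis, not a verdict: many legitimate PDFs carry JavaScript, and streams using other filters are not decoded here.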

Replies

  • Kaustubh Katdare
    Thanks for the information. Thread moved to InFocus.
