 | |
| |
| 20 Apr 2010 | #1 |
| | PDF Launch Feature Abused to Carry ZeuS/ZBOT Adobe products certainly have become a target. Personally, I replaced Adobe Reader with an alternate PDF Reader. There are a number of open source readers available from PDFreaders.org - Get a Free Software PDF reader!. Quote: The ZeuS/ZBOT malware continues to uphold its notorious reputation. As we have seen in the past, ZBOT variants steal account credentials when users visit various social networking, online shopping, and bank-related websites. Another social engineering tactic that has been employed by ZeuS/ZBOT perpetrators is the use of .PDF files. Specially crafted .PDF files have been used as a vehicle for malware propagation by exploiting different vulnerabilities discovered in Adobe Reader and Acrobat. Recently, however, we spotted a specially crafted .PDF file that drops a ZBOT variant without exploiting a vulnerability. Instead, this malicious file exploits a legitimate Adobe Reader feature. The said feature is the /launch function in the PDF specification, as security researcher Dieder Stevens demonstrated in his blog. This function allows a portable document author to attach an executable file and, via social engineering, trick users to save and run the embedded file. |
My System Specs | |
 |
PDF Launch Feature Abused to Carry ZeuS/ZBOT problems?
| Thread Tools | |
| Similar help and support threads for: PDF Launch Feature Abused to Carry ZeuS/ZBOT | ||||
| Thread | Forum | |||
| Microsoft Offers Insight into the Battle Against Zbot / Zeus | Security News | |||
| Free Microsoft Security Tool Armed to Kill the Zbot/ZeuS Botnet | News | |||
| ZeuS/ZBOT and SALITY Jump on the LNK Exploit Bandwagon | System Security | |||
| VirusTotal Brand Abused to Push Scareware. | Security News | |||
| Zeus-Themed Spam Used to Push Zeus. | Security News | |||
All times are GMT -5. The time now is 08:49 PM.
