Tech: PDF Reader Attack (Maybe)
Subject: Tech: PDF Reader Attack (Maybe)
Date: 25 Feb 09 - 01:58 AM
An "urgent" warning has been posted by some security sites, while others are saying sort of "ho-hum;" but it might be well to be a little extra cautious with PDF files acquired in the next few days - or weeks.
A vulnerability has been reported in Adobe PDF Reader with a very few attacks. It has been tentatively confirmed that the vulnerability also is present in the full PDF package.
No mention is made in the reports about whether other PDF readers are vulnerable, but the attack (as seen thus far) uses an embedded JavaScript inside the malicious PDF to mess with your computer.
Adobe has said they're working on it in their PDF packages, and will have patches out by 11 March.
At least one AV maker says they have a "signature" so most AV programs should be able to block it soon if not immediately - if you keep updating.
Details, knowledgeable and otherwise, at Acrobat Reader Attack.
Subject: RE: Tech: PDF Reader Attack (Maybe)
Date: 25 Feb 09 - 06:11 PM
I've picked up a trojan that might be related to this. It tries to start with Internet Explorer but AVG antivirus catches it. It's called "Trojan horse banker 4APVJ" and the path is ">system 32> AcroIEhelpe5.dll". I'm guessing that the "5" on the end is intended to make me think that it's ...helper, which I understand is a genuine file. I've looked in the system32 folder and I find a file called AcroIEhelpe5 but without the .dll. This seems to be a text file but to be on the safe side I haven't tried opening it. I've deleted this text file several times but next time I look there it is again. The same file with the .dll can't be found. I've tried "Spybot search and Destroy" but it didn't find anything. Since AVG catches it I suppose it isn't doing any harm but I'd like to kill it altogether (along with the guy who created it, of course!).