The BitDefender Antimalware labs have just performed an emergency update to add detection for a zero-day exploit attack affecting the Adobe Reader, Acrobat and Flash Player applications.

Just like the previous Adobe exploits we have written about in the past, the attack vector is a malformed PDF file that contains both a specially crafted javascript and an embedded SWF file. Labeled as CVE-2010-1297, the exploit is currently exploited in the wild.

Once opened, the javascript triggers the decryption of a shell-code that will be subsequently heap-sprayed. If the PDF file is opened within a browser (which is the most common scenario with links displayed on compromised web pages, forums, sent via e-mail or instant messaging), the embedded SWF file forces the heap-sprayed shell-code to be executed. Upon its successful execution, the shell-code would decrypt and drop a binary file under the name c:-.exe.

Here's a short movie to demonstrate the attack.

A secondary DLL is also dropped in the %windows%system32 folder (overwriting a system file) and injected into an instance of SVCHOST.EXE. The dropped malicious file will subsequently trigger the download of an infected file from remote locations (the samples analyzed by BitDefender would attempt to connect to and download a file called xslu.exe).
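The chain described above rests on two artifacts that can be looked for statically before a PDF is ever opened: a JavaScript action and an embedded Flash (SWF) object, the latter often hidden inside a FlateDecode stream. The script below is an added triage example, not BitDefender's detection logic and not code from the original post; the minimal PDF it builds is constructed for the demonstration (its "payload" is a harmless `app.alert`) and the name-object and magic-byte indicators are an assumption about what a triage tool should flag, not a claim about the actual samples.

```python
"""Static triage of a PDF for the indicators discussed above: a JavaScript
action combined with an embedded object whose data carries the SWF magic.
Added example; the sample PDF is constructed, not a real malicious file."""
import re
import zlib

# PDF name objects that introduce JavaScript actions or embedded/rich-media files.
JS_RE = re.compile(rb"/JavaScript\b|/JS\b")
EMBED_RE = re.compile(rb"/EmbeddedFile\b|/RichMedia\b|/Flash\b")
# SWF header: FWS (uncompressed) or CWS (zlib-compressed) followed by a version byte.
SWF_RE = re.compile(rb"[FC]WS[\x01-\x20]")
# Stream bodies; the lookbehind keeps "endstream" from being taken as a new "stream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes plus the inflated body of every stream that
    decompresses as zlib, so indicators hidden by /FlateDecode are visible."""
    inflated = []
    for m in STREAM_RE.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not a Flate stream (or not one we can inflate); skip it
    return data + b"\n" + b"\n".join(inflated)


def scan_pdf(data: bytes) -> dict:
    """Flag a PDF as suspicious when it carries JavaScript together with an
    embedded object or an SWF header (the combination described in the post)."""
    view = _inflate_streams(data)
    found = {
        "javascript": JS_RE.search(view) is not None,
        "embedded_object": EMBED_RE.search(view) is not None,
        "swf_header": SWF_RE.search(view) is not None,
    }
    found["suspicious"] = found["javascript"] and (
        found["embedded_object"] or found["swf_header"]
    )
    return found


def build_sample(with_markers: bool) -> bytes:
    """Constructed minimal PDF. With markers, a FlateDecode stream hides a
    JavaScript action and an /EmbeddedFile stream starts with the CWS magic."""
    body = b"%PDF-1.6\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    if with_markers:
        hidden = zlib.compress(b"<< /Type /Action /S /JavaScript /JS (app.alert(1)) >>")
        body += (b"3 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden)
                 + hidden + b"\nendstream\nendobj\n")
        swf = b"CWS\x0a" + b"\x00" * 16  # compressed-SWF magic plus padding
        body += (b"4 0 obj << /Type /EmbeddedFile /Length %d >>\nstream\n" % len(swf)
                 + swf + b"\nendstream\nendobj\n")
    return body + b"%%EOF\n"


if __name__ == "__main__":
    for label, blob in (("benign", build_sample(False)), ("marked", build_sample(True))):
        print(label, scan_pdf(blob))
```

Run against a directory of attachments, the `suspicious` flag is a cheap pre-filter for quarantine or sandboxing; the inflation step matters because the JavaScript object in the constructed sample is invisible to a plain string search on the raw file. Real samples may use other filters (for example ASCIIHex or LZW) or object streams, so a production check should decode those as well rather than rely on zlib alone.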