myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Major Malicious PDF attack underway using Adobe exploit

Email Please be very cautious with any PDF files received in EMAIL messages.  If you use Adobe, it's very important to move to the latest version 8.1.1 plus keep AV protection updated.

Malicious PDF files being spammed out in volume
http://www.f-secure.com/weblog/archives/00001303.html
http://www.f-secure.com/v-descs/exploit_w32_adobereader_k.shtml
http://www.avertlabs.com/research/blog/index.php/2007/10/24/pdf-mailto-exploit-seen-in-wild-today/
http://blogs.zdnet.com/security/?p=614
http://www.microsoft.com/technet/security/advisory/943521.mspx

QUOTE: Malicious PDF file (report.pdf or debt.2007.pdf or overdraft.2007.10.26.pdf or so) has been massively spammed through email during last hour and the spam run is still continuing. The PDF is spiced with CVE-2007-5020 exploit that downloads ms32.exe that downloads more componets. At this point it's not clear yet what is the final payload of the malware, because of missing files in the download chain. We are investigating further.

The subjects for the spam messages include:

Your credit report
Your credit points
Your balance report
Personal Financial Statement
Personal Credit Points
Personal Balance Report
Your Credit File
Balance Report

Published Oct 26 2007, 09:11 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems