Trend Micro was alerted to a new attack that exploits a vulnerability in certain Adobe Reader and Acrobat versions. The vulnerability allows remote attackers to execute arbitrary code on Microsoft OS-based systems via a crafted .PDF file that uses ZLib compressed streams.
Cybercriminals targeted contractors of the U.S. Department of Defense with spammed messages carrying a .PDF file attachment (detected by Trend Micro as TROJ_PIDIEFX.F) that poses as a memorandum about a conference to be held in Las Vegas sometime this March. Though the featured conference is real, the memo is not.
Upon execution, TROJ_PIDIEFX.F drops and executes another malicious file detected as TROJ_DLOADR.AUE, which attempts to connect to the remote site http://{BLOCKED}6.202.49. As of this writing, however, the URL remains inaccessible.
Users are also advised to apply the latest patch, which Adobe released last Tuesday. For more information on the vulnerability, visit this Threat Encyclopedia page.
Trend Micro™ Smart Protection Network™ protects users by blocking the spammed messages and detecting and deleting the related malware. OfficeScan users with Intrusion Defense Firewall (IDF) plug-ins are also protected from this attack if their systems are updated with the IDF1003879 filter.





