Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIEF.UO. This .PDF file contains an embedded JavaScript, which Trend Micro detects as JS_AGENTT.DT. This JavaScript is used to execute arbitrary codes in a technique known as heap spraying. In addition, there is a possibility that a future variant may be created that does not use JavaScript to exploit the said vulnerability.

    Based on our findings, the shellcode (that was heap sprayed) jumps to another shellcode inside the .PDF file. The said shellcode then extracts and executes a malicious file detected by Trend Micro as BKDR_PROTUX.BD. The said backdoor is also embedded in the .PDF file and not the usual file downloaded from the Web. Protux variants are known for their ability to provide unrestricted user-level access to a malicious user. Earlier variants of the Protux backdoor were seen to have been used as payload in previous attacks exploiting vulnerabilities in Microsoft Office files.

    Click Click

    As of this writing, Adobe has indicated that it will include this vulnerability in its upcoming security update release. Meanwhile, users are recommended to disable JavaScript in Adobe Acrobat/Reader to mitigate the said attack. To do this, they should follow these steps:

    1. Run Acrobat or Adobe Reader.
    2. Go to Edit > Preferences.
    3. Select JavaScript under the Categories tab.
    4. Uncheck the “Enable Acrobat JavaScript” option.
    5. Click OK.

    Users are also advised to patch their systems as soon as Adobe releases the security patch. Trend Micro protects users with the Smart Protection Network by detecting the said exploit.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice