News & Press releases

MX Lab intercepts maliciously crafted PDF files that opens door for trojan
26 October 2007

MX Lab is detecting and intercepting an increased distribution of maliciously crafted PDF files. These PDF files contain an exploit that could result in a complete access to the infected computer and affects Windows XP or Windows 2003.

When the PDF document is opened the Windows firewall will be disabled by using Netsh, a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. The code will start downloading a trojan from the internet which may allow the attacker to take control over the infected computer.

Some of the email’s subject lines are:

Invoice alacrity
Invoice depredate
Statement indigene
Financial report
Credit statement

The attachment has a filesize of about 7 kB and has some of the following filenames:

BILL.pdf
INVOICE.pdf
YOUR_BILL.pdf
STATEMET.pdf

and more recently

report.2007.10.26.4968145.pdf
debt.2007.10.26.4032402.pdf

As always, users are strongly advised not to follow any unknown links, open untrusted documents, especially those in unsolicited emails and update Adobe Reader as soon as possible.