Trojan that targets Adobe
By siliconindia | Monday, 12 October 2009, 21:39 IST
Bangalore: Trend Micro, provider of virus protection software, has identified a Trojan that targets Adobe Reader and Acrobat by dropping a backdoor onto computers using JavaScript. The Trojan is called 'Troj_Pidief.Uo' and comes in a PDF file containing JavaScript-based malware, 'Js_Agent.Dt', and then drops a backdoor called 'Bkdr_Protux.Bd', according to Trend Micro's blog post.
"Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file before extracting and executing the backdoor. The backdoor is also embedded in the PDF file and not the usual file downloaded from the web," according to the blog posting by Trend Micro.
According to CNET, the blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary code using a technique known as 'heap spraying.' This exploit will affect Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003.
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro. Both Microsoft and Adobe have announced that they will launch an update to fix the problem before it causes any serious damage.
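A defensive triage check for the delivery pattern described above, a PDF that carries JavaScript together with an embedded executable rather than a downloaded one. This is an added example, not code from Trend Micro or the article; the function names, sample bytes and verdict rule are assumptions, and it inspects raw bytes only, so content inside compressed or encoded streams is not seen.

```python
import re

# PDF name tokens for script content and automatic actions.
WATCHED = ("JavaScript", "JS", "OpenAction", "AA")

def decode_pdf_name(raw: bytes) -> str:
    """Resolve #xx hex escapes in a PDF name (J#61vaScript -> JavaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def find_names(data: bytes) -> dict:
    """Count watched names after undoing hex-escape obfuscation."""
    counts = dict.fromkeys(WATCHED, 0)
    for m in re.finditer(rb"/([A-Za-z0-9#]+)", data):
        name = decode_pdf_name(m.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def has_embedded_pe(data: bytes) -> bool:
    """True if some 'MZ' header's e_lfanew field points at a 'PE\\0\\0' signature."""
    pos = data.find(b"MZ")
    while pos != -1:
        e_lfanew = int.from_bytes(data[pos + 0x3C:pos + 0x40], "little")
        if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
            return True
        pos = data.find(b"MZ", pos + 1)
    return False

def triage(data: bytes) -> dict:
    """Assumed policy: quarantine script-bearing PDFs that auto-run or carry a PE."""
    names = find_names(data)
    script = names["JavaScript"] + names["JS"] > 0
    auto = names["OpenAction"] + names["AA"] > 0
    pe = has_embedded_pe(data)
    verdict = "quarantine" if script and (auto or pe) else "pass"
    return {"javascript": script, "auto_action": auto, "embedded_pe": pe, "verdict": verdict}

# Constructed samples (not real malware): a minimal PE-shaped stub and two PDF fragments.
PE_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
SAMPLE_SUSPICIOUS = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
                     b"2 0 obj<</S/J#61vaScript/JS(app.alert(1))>>endobj\n" + PE_STUB)

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(label, triage(blob))
```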