Adobe Exploit puts Backdoor on Computers
October 12, 2009 by admin
Filed under Security News
82 views Leave a Comment
A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems’ Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.
Trend Micro identified the exploit as a Trojan horse dubbed “Troj_Pidief.Uo” in a blog post. It arrives as a PDF file containing JavaScript-based malware, “Js_Agent.Dt,” and then drops a backdoor called “Bkdr_Protux.Bd.”
The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.
The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary codes in a technique known as “heap spraying.”
“Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file” before extracting and executing the backdoor, Trend Micro said. The backdoor “is also embedded in the PDF file and not the usual file downloaded from the Web.”
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.
Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft’s Patch Tuesday.
This screenshot shows the embedded executable file in the PDF file, after it has been decrypted.
Source : Cnet (Credit: Trend Micro)
Related posts:
- New Mac backdoor Trojan horse discovered
- Fake Conflicker.B Infection Alert puts internet users at risk
- Adobe products struck by zero-day attacks
- Adobe Patch Tuesday to bring automatic updates
- Microsoft Warns of IE Exploit Code in The Wild
