From: Virus Guy on 17 Mar 2010 09:46

I'm pretty sure that this is a PDF exploit of some sort, but a VirusTotal scan comes up with zero hits.

-------------------
%PDF-1.5
%����
1 0 obj<</Pages 2 0 R/Type/Catalog>>
endobj
2 0 obj<</Count 0/Kids[]/Type/Pages>>
endobj
3 0 obj<</ModDate(D:20100317004957-04'00')/CreationDate(D:20100317004957-04'00')>>
endobj
xref
0 4
0000000000 65535 f
0000000016 00000 n
0000000060 00000 n
0000000105 00000 n
trailer
<</Size 4/Root 1 0 R/Info 3 0 R/ID[<a581d5372aac49438528a4260c1cdf09><a581d5372aac49438528a4260c1cdf09>]>>
startxref
195
%%EOF
------------------

A link to the actual file is here:

www.fileden.com/files/2008/7/19/2010382/ Acr1395.TMP

Warning: Don't click on that link unless you know what you're doing. That is most probably a live pdf exploit.

From: FromTheRafters on 17 Mar 2010 14:39

"Virus Guy" <Virus(a)Guy.com> wrote in message news:4BA0DD44.182C46A5(a)Guy.com...

> I'm pretty sure that this is a PDF exploit of some sort, but a
> VirusTotal scan comes up with zero hits.

> Warning: Don't click on that link unless you know what you're doing.
> That is most probably a live pdf exploit.

I didn't see anything bad (not sure I would know) - but a lot of their content comes from bomb-mp3.com:

http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.bomb-mp3.com

Ringtones?

From: Ant on 17 Mar 2010 16:07

"Virus Guy" wrote:

> I'm pretty sure that this is a PDF exploit of some sort

Why? There's no content. Acrobat won't open it (no pages) and Foxit won't either.

From: Dustin Cook on 19 Mar 2010 20:03

Virus Guy <Virus(a)Guy.com> wrote in news:4BA0DD44.182C46A5(a)Guy.com:

> I'm pretty sure that this is a PDF exploit of some sort, but a
> VirusTotal scan comes up with zero hits.

Here's a relatively easy way for you to check some of the exploits out... Open the pdf in a hex editor, head for the end of the file or its tail. See if you can identify any http://www.i'mgoingtohereifyouopenme.com or similar; if you find it, you can remove it with the hex editor and continue with the analysis of the pdf. Using software which doesn't succumb to the Adobe branded pdf readers will also keep you safer if you decide to have a peek inside.

> Warning: Don't click on that link unless you know what you're doing.
> That is most probably a live pdf exploit.

For the sake of n00bs' safety, please munge any potentially hazardous links so that someone won't be able to accidentally (click happy users especially) click and put themselves in harm's way.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
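
Added example, not part of the thread: a static check of the two things the replies look at, whether the file has any pages or active content (Ant) and whether it carries URLs (Dustin Cook), done on the raw bytes without opening the file in a reader. The function names and the list of keys to flag are assumptions of this example; the sample bytes are constructed from the dump posted above.

```python
import re

# Constructed sample: the objects from the dump posted in the thread. The
# xref table and /ID are left out (they do not affect these checks) and the
# binary comment on line 2 is a placeholder for the unreadable bytes.
SAMPLE = (
    b"%PDF-1.5\n%\xe2\xe3\xcf\xd3\n"
    b"1 0 obj<</Pages 2 0 R/Type/Catalog>>\nendobj\n"
    b"2 0 obj<</Count 0/Kids[]/Type/Pages>>\nendobj\n"
    b"3 0 obj<</ModDate(D:20100317004957-04'00')"
    b"/CreationDate(D:20100317004957-04'00')>>\nendobj\n"
    b"trailer\n<</Size 4/Root 1 0 R/Info 3 0 R>>\n%%EOF\n"
)

# PDF dictionary keys that mark active or hidden content (assumed list).
# /ObjStm is included because objects packed in a compressed object stream
# are invisible to a plain byte scan like this one.
RISKY = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/URI", b"/ObjStm")

def decode_names(data):
    """Undo #xx escapes in PDF names so /J#61vaScript reads /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data):
    """Summarise structure, flagged keys and URLs found in raw PDF bytes."""
    norm = decode_names(data)
    counts = [int(n) for n in re.findall(rb"/Count\s+(-?\d+)", norm)]
    report = {
        "objects": len(re.findall(rb"\b\d+\s+\d+\s+obj\b", norm)),
        "streams": len(re.findall(rb"\bstream\r?\n", norm)),
        "page_counts": counts,
        "has_pages": any(c > 0 for c in counts),
        "risky": {},
        "urls": re.findall(rb"(?:https?|ftp)://[^\s<>()\[\]]+", data),
    }
    for key in RISKY:
        # The name must end at a delimiter, so /JS does not match /JSFoo.
        hits = re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", norm)
        if hits:
            report["risky"][key.decode()] = len(hits)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the posted dump this reports three objects, no streams, a page count of 0, no flagged keys and no URLs. A scan like this cannot see inside compressed streams, so a file that does contain streams needs them decoded before a clean result means anything.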