miekiemoes has a secret admirer

October 27th, 2009

The following Czech site (otylkaaotesanek.cz ) contains an exploit:

In Google Chrome you will see a PDF automatically downloaded (thankfully I did not have Adobe reader installed on this machine)

The malware author took the time to credit this PDF to security researcher miekiemoes. That sounds pretty similar to a Dancho Danchev fan club

mikie

This is a malicious PDF:

Only one AV vendor from Virus Total (Sophos) detected this threat:

Opening the PDF with a vulnerable version of Adobe Reader will launch the following payload:

http://dom2cn.cn/13b/load.php?spl=pdf_exp

http://jzion.cn/etc242342534252435223/1.php

http://jzion.cn/etc242342534252435223/soft14.exe

dom2cn.cn/13b/load.php?spl=pdf_exp
jzion.cn/etc242342534252435223/1.php
jzion.cn/etc242342534252435223/soft14.exe

The last file is a Trojan detected by 35% of the AV vendors from Virus Total, at the time of writing.

Jerome Segura

Malware ID: t1L8XD644LtNd.pdf.zip

Warning: all links contained in this post may infect your computer!

This entry was posted on Tuesday, October 27th, 2009 at 10:41 am and is filed under Exploits. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

miekiemoes has a secret admirer

Comments: