Details:
This Trojan arrives as an attachment to email messages spammed by other malware or a malicious user.
It may be dropped by other malware.
It may be downloaded unknowingly by a user when visiting malicious Web site(s).
It is a specially crafted .PDF file that exploits a known vulnerability in Adobe Reader 9.0 and earlier versions. The vulnerability may cause the application to crash and may also allow a remote malicious user to take control of an affected system when a user views the file. More information on the vulnerability may be found here.
After successfully exploiting the vulnerability, it attempts to drop and execute the following file:
- %User Temp%\svohost.exe - detected as BKDR_KUPS.G
As a result, malicious routines of the dropped file are exhibited on the affected system.
This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
Analysis By: Emmanuel Alma