EXPL_PIDIEF.B - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

EXPL_PIDIEF.B

Overview

Solution

Technical Details

Malware type: Exploit

Aliases: Exploit.Win32.PDF-URI.b (Kaspersky), Exploit-PDF.a (McAfee), Trojan.Pidief.A (Symantec), EXP/PDF.URI.Gen (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows XP

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		Low

Infection Channel 1 : Spammed via email

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

EXPL_PIDIEF.B Behavior Diagram

Malware Overview

This is the Trend Micro detection for an exploit code that takes advantage of the PDF Mailto vulnerability in Adobe Acrobat and Adobe Reader 8.1. The said vulnerability allows an arbitrary code to execute on an affected system.

For more information regarding the abovementioned vulnerability, refer to the following Web page:

Adobe Security Advisory APSB07-18

This exploit code arrives as an attachment to email messages spammed by another malware or a malicious user. Once it successfully takes advantage of the abovementioned vulnerability, it connects to a certain Web site to download and execute a malicious file detected by Trend Micro as TSPY_PAPRAS.CF. As a result, routines of the downloaded spyware are exhibited on the affected system.

This exploit code also executes a command line instruction to disable the Windows Firewall.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 23, 2007 9:27:31 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.