Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan may be downloaded from a certain remote site.

It is a specially crafted .PDF file that exploits a known vulnerability in Acrobat Reader 8.1.2 or earlier versions. This vulnerability causes the application to crash and could potentially allow an attacker to take control of the affected system. More information about the said vulnerability can be found at the following links:

• http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2641
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641
• http://www.auscert.org.au/render.html?it=9501

This Trojan accesses a URL to download a file which Trend Micro detects as TROJ_DLOAD.BO. It then executes the downloaded file. As a result, malicious routines of the downloaded file are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 20, 2008 5:36:37 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.