Exploit-PDF.a is an exploit worm delivered as a specially crafted PDF file. It exploits the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability to execute malicious code on a computer. The vulnerability is tracked as CVE-2007-5020.

More information regarding this vulnerability can be found at the Adobe site.

Indication of Infection

The following malicious attachment names have been observed in the wild:

  • BILL.PDF
  • INVOICE.PDF
  • STATEMET.PDF
  • YOUR_BILL.PDF

Methods of Infection

On opening the PDF attachment, code is silently run to perform the following actions. Windows Firewall is disabled via the netsh command. The code then downloads and executes a password stealer from this web address (now removed):

http://81.95.146/ldr.exe

This password stealer trojan is detected as Spy-Agent.bg.
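The following added example (not part of the original entry and not any vendor's detection logic) flags the behaviour described above in process-creation logs: a netsh command that turns Windows Firewall off, launched from a process tree rooted in a PDF reader, and whether the opened file carries one of the attachment names listed on this page. The event fields, the reader image names and the netsh argument patterns are assumptions, and the `advfirewall` form goes beyond the case in the text.

```python
import re

# Attachment names listed on this page under "Indication of Infection".
ATTACHMENT_NAMES = {"BILL.PDF", "INVOICE.PDF", "STATEMET.PDF", "YOUR_BILL.PDF"}
# Assumption: image names of the PDF reader on the monitored hosts.
READER_IMAGES = {"acrord32.exe", "acrobat.exe"}
# Assumption: netsh arguments that switch the firewall off (legacy and advfirewall).
FIREWALL_OFF = re.compile(
    r"firewall\b.*\b(opmode\s+(mode\s*=\s*)?disable|state\s+off)\b", re.I)

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def reader_ancestor(pid, by_pid):
    """Walk parent links upward; return the PDF reader event, or None."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        if basename(ev["image"]) in READER_IMAGES:
            return ev
        pid = ev["ppid"]
    return None

def find_firewall_tampering(events):
    """Return one dict per netsh firewall-off command descended from a PDF reader."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits = []
    for ev in events:
        if basename(ev["image"]) != "netsh.exe" or not FIREWALL_OFF.search(ev["cmdline"]):
            continue
        reader = reader_ancestor(ev["ppid"], by_pid)
        if reader:
            # File names ending in .pdf on the reader's command line, upper-cased.
            pdfs = {p.upper() for p in re.findall(r'[^\\/"\s]+\.pdf', reader["cmdline"], re.I)}
            hits.append({"reader": reader["cmdline"], "netsh": ev["cmdline"],
                         "known_attachment": bool(pdfs & ATTACHMENT_NAMES)})
    return hits

# Constructed sample events (not captured from a real infection).
SAMPLE_EVENTS = [dict(zip(("pid", "ppid", "image", "cmdline"), row)) for row in [
    (100, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    (200, 100, r"C:\Program Files\Adobe\AcroRd32.exe", r'AcroRd32.exe "C:\Temp\INVOICE.PDF"'),
    (300, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c <constructed>"),
    (400, 300, r"C:\Windows\System32\netsh.exe", "netsh firewall set opmode mode=disable"),
    (500, 100, r"C:\Windows\System32\netsh.exe", "netsh firewall show state"),
]]

print(find_firewall_tampering(SAMPLE_EVENTS))
```
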

Aliases

  • EXP/CVE-5020.A (Avira)
  • EXPL_PIDIEF.B (Trend Micro)
  • Exploit-PDF.a and Exploit.Win32.AdobeReader.b (Kaspersky)
  • PDF/Exploit.Shell.A (ESET)
  • Trojan.Pidief.A (Symantec)
