Home > ParetoLogic Blogs > Malware Diaries > miekiemoes has a secret admirer
Reply
 
Thread Tools Display Modes
  #1  
Old 10-27-2009, 07:41 PM
Michael Michael is offline
Administrator
Join Date: May 2007
Posts: 313
Default miekiemoes has a secret admirer
The following Czech site (otylkaaotesanek.cz ) contains an exploit:

mikie1

In Google Chrome you will see a PDF automatically downloaded (thankfully I did not have Adobe reader installed on this machine)

mikie2

The malware author took the time to credit this PDF to security researcher miekiemoes. That sounds pretty similar to a Dancho Danchev fan club ;-)

mikie

mikie3

This is a malicious PDF:

mikie4

Only one AV vendor from Virus Total (Sophos) detected this threat:

mikie5

Opening the PDF with a vulnerable version of Adobe Reader will launch the following payload:
http://dom2cn.cn/13b/load.php?spl=pdf_exp

http://jzion.cn/etc242342534252435223/1.php

http://jzion.cn/etc242342534252435223/soft14.exe

dom2cn.cn/13b/load.php?spl=pdf_exp
jzion.cn/etc242342534252435223/1.php
jzion.cn/etc242342534252435223/soft14.exe

The last file is a Trojan detected by 35% of the AV vendors from Virus Total, at the time of writing.

Jerome Segura

Malware ID:*t1L8XD644LtNd.pdf.zip

Warning: all links contained in this post may infect your computer!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


Terms of Use