Wednesday, June 09, 2010

New widespread spam with PDF exploit

The antivirus labs are currently seeing a spam run pushing a PDF exploit. The emails look like this:

From: random addresses
To: random recipients
Subject: New Resume

Please review my CV, Thank You!

Attachment: resume.pdf

This PDF attachment it's attempting to use the PDF /launch feature. The PDF's MD5 is cff871a36828866de1f42574be016bb8. If allowed to run, the exploit will drop an alureon/dnschanger trojan.

Beware of attachments from spam mails, even the files with non-executable extensions could be dangerous.

No comments: