Categorized | Malware

Malicious PDFs utilizing Launch Action Now Seen in the WILD!

We all knew it was coming, so I doubt anyone will be shocked to learn that SophosLabs is reporting they have now seen the first instance of a malicious PDF file utilizing the Launch action. Paul from SophosLabs wrote a short blog post on it, found here: Troj/PDFEx-DF: SophosLabs sees malware exploiting /Launch. My only question concerning this instance is whether or not the malicious PDF file contained the logic or feature set to perform incremental updates on other PDF files. Adobe will be releasing its official patch for the Launch action tomorrow, but from all that I can tell it will not address the incremental update issue at all.
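As an added example (not code from the SophosLabs post or from sudosecure.net), the following Python triage script flags the two structural features this post is concerned with: a /Launch action inside a PDF, and an appended incremental update that redefines an object of the original document. The PDF bytes are constructed here for illustration and are not taken from the malware sample.

```python
import re
from collections import Counter

# Constructed sample (not the real malware): a minimal PDF whose /OpenAction points at a
# harmless URI action, then an incremental update (second trailer with /Prev, second
# %%EOF) that redefines object 4 as a /Launch action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /URI /URI (http://example.invalid/) >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) >> >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
TARGET_RE = re.compile(rb"/S\s*/Launch[^>]*?/F\s*\(([^)]*)\)")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b")
EOF_RE = re.compile(rb"%%EOF")
PREV_RE = re.compile(rb"/Prev\s+\d+")

def analyse_pdf(data: bytes) -> dict:
    """Collect structural indicators: Launch actions and their targets, incremental-update
    markers, and object numbers defined more than once (an update overriding an object)."""
    ids = Counter(OBJ_RE.findall(data))
    eof_count = len(EOF_RE.findall(data))
    return {
        "launch_count": len(LAUNCH_RE.findall(data)),
        "launch_targets": [t.decode("latin-1") for t in TARGET_RE.findall(data)],
        "eof_count": eof_count,
        "incremental_update": eof_count > 1 or PREV_RE.search(data) is not None,
        "redefined_objects": sorted({int(n) for (n, _g), c in ids.items() if c > 1}),
    }

def risk_level(report: dict) -> str:
    """'high' when a /Launch action arrives through an incremental update that overrides
    existing objects, 'medium' for any other /Launch action, 'none' otherwise."""
    if report["launch_count"] == 0:
        return "none"
    if report["incremental_update"] and report["redefined_objects"]:
        return "high"
    return "medium"

if __name__ == "__main__":
    report = analyse_pdf(SAMPLE_PDF)
    print(risk_level(report), report)
```

The regexes are deliberately simple string scans; they will not see through object streams or encoded names, so treat a "none" result as absence of evidence rather than a clean bill.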

View full post on sudosecure.net

Related Posts
  • First Real /Launch “Escape from PDF” Malware Seen in the Wild
    The real danger with the /Launch escape from PDF proof of concept that Didier Stevens published is no longer a mystery to the malicious malware developers out there, as a recent sample I acquired does...
  • Surrounded by Malicious PDFs
    Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009. Since January ...
  • Malicious PDFs find a novel way of running JavaScript
    Earlier this year I gave a talk at the Virus Bulletin conference in Vancouver about malicious PDFs. As a consequence of that paper, I received a number of enquiries from other researchers working in th...
  • Another PDF Launch Action Oddity
    It has been a few months since I posted anything here but tonight as I was fiddling around with the Launch action within a PDF file I discovered another oddity that I thought would make an interesting...
  • Malicious PDFs: A summary of my VB2010 presentation
    Last week, I presented at VB2010 a talk that was well received in the room and on the wires. A number of people have requested copies of or links to my presentation and paper (thanks to Helen Martin ...
  • Quickpost: Preventing the /Launch Action “cmd.exe” Bypass
    Adobe has released a new Adobe Reader version that contains functionality to block my /Launch action PoC, but Bkis found a bypass: just put double quotes around cmd.exe, like this:  “cmd.exeR...
  • Malicious PDFs cause trouble at the Ministry
    It seems someone compromised the ministryofrum(dot)com recently, replacing an understanding and appreciation of rum with malicious PDF files instead. The site is fixed now, but compare the clean s...
  • Increased Use of MultiPart Malicious JavaScripts in the Wild
    Malicious JavaScript code used to be contained in single .JS or .HTML files, which made malicious JavaScript analysis and detection pretty straightforward. However, in the past few days, a couple of d...
  • PDF Scanner: detecting malicious PDFs
    Today I wrote a simple program that scans PDF files and detects the malicious ones. 7 malicious PDFs downloaded from malwaredomainlist.com and mdl.paretologic.com 493 good PDFS downloaded from a reput...
  • Zero-Day Flash/Acrobat Exploit Seen In The Wild
    On Friday, Adobe released a security advisory announcing a zero-day exploit found in specific Adobe Flash Player versions. Tagged as critical, the vulnerability (CVE-2010-1297) causes the application...

3 Responses to “Malicious PDFs utilizing Launch Action Now Seen in the WILD!”

  1. Malicious PDF that uses the Launch action now seen in the wild! says:

    [...] We all knew it was coming, so I doubt anyone will be shocked to learn that SophosLabs reports they have now seen the first instance of a malicious PDF file that uses the Launch action. Paul from SophosLabs wrote a short blog post, found here: Troj/PDFEx-DF: SophosLabs sees malware exploiting /Launch. Now [. . . ] URL of the original article http://www.sudosecure.net/archives/669 [...]

  2. Jeremy Allen says:

    Awesome. We just released our PDF Launch Action exploit PoC and I sent it up to Virus Total. NONE of the major AV spotted it other than the McAfee Gateway. Standard McAfee did not spot it. (visit the Insight blog of our website for the PoC).

  3. Hackers hide malware in PDF file | Lost in the Noise says:

    [...] Security expert Jeremy Conway wonders whether the malicious PDF file can modify other PDF files. Conway developed [...]
