New malware attack method by email: Adobe PDF with embedded Word macro

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dvk01

Derek
Thread Starter
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Watch out for this new malware attack method by email:
http://myonlinesecurity.co.uk/invoice-519658-colin-fox-pdf-malware/

This email contains a genuine PDF which has embedded scripts that will infect you. So far none of the automatic analysis tools can find any malicious content but it is trying to send multicast messages.

I am being told that this evil PDF, when opened in Adobe Reader, drops a Word document containing macros, so DO NOT SAVE OR OPEN THIS PDF FILE. Just delete the email and any attachment as soon as it appears in your inbox. There appear to be several different versions of the PDF malware dropper, although all are named the same and every copy that I have seen is the same file size (23kb). The malicious macro inside the dropped Word document (VirusTotal) from one of the malicious PDFs downloads and executes -> hxxp://bepminhchi.com/83/61.exe (VirusTotal). There will almost certainly be different download locations depending on which version of the PDF you originally received.

Luckily enough, Adobe Reader in recent versions has Protected View automatically enabled, and unless you press the button to enable all features, you will be safe from this attack.


If you do enable all features, then you have a second chance to protect yourself, by pressing either Cancel or "never allow opening files of this type" on the pop-up warning. Pressing Allow WILL almost certainly automatically open the Word doc and run the malicious macro, so infecting you. Make sure Adobe Reader (or any other PDF reader software) is updated to the latest version to protect you. Older versions are vulnerable to these attacks. If using Adobe, make sure you uncheck any additional offerings of security scans/Google Chrome or toolbars that it wants to include in the download.
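Added example, not part of the original post: a mail-gateway style triage that counts the PDF name tokens associated with the chain described above (an embedded file plus script or an automatic action), decoding `#xx` name escapes so an obfuscated name is still counted. The function names and the sample bytes are constructed for illustration; the sample is a bare dictionary skeleton, not a working document.

```python
import re

# Name tokens relevant to a PDF that carries another file and acts on it when opened.
WATCHED = ("/EmbeddedFile", "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/ObjStm")
TRIGGERS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalise(name: bytes) -> str:
    """Decode #xx escapes, so /J#61vaScript is counted as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), name).decode("latin-1")

def triage(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF attachment."""
    counts = {k: 0 for k in WATCHED}
    for m in _NAME.finditer(data):
        n = normalise(m.group())
        if n in counts:
            counts[n] += 1
    return counts

def needs_review(counts: dict) -> bool:
    """True when the file carries an embedded payload and a way to act on it.

    A non-zero /ObjStm count means objects may sit inside compressed object
    streams that this raw scan cannot see, so a False result is not a clearance.
    """
    return counts["/EmbeddedFile"] > 0 and any(counts[k] for k in TRIGGERS)

# Constructed samples (skeleton dictionaries only, no script body, no payload).
SAMPLE = (b"%PDF-1.5\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /Names << /EmbeddedFiles 3 0 R >> >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
          b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n")
CLEAN = b"%PDF-1.5\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        c = triage(blob)
        print(label, {k: v for k, v in c.items() if v}, "review" if needs_review(c) else "pass")
```

A hit is a reason to quarantine the attachment for manual analysis, not proof that it is malicious.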
 