- Sep 15, 2008
Has anyone heard of this? I just read through this and it's kinda scary!
http://www.bleepingcomputer.co...index.php/t175838.html
Synopsis of symptoms:
--
SUMMARY: In short, there are some sites that are performing remote code execution based on security vulnerabilities in unpatched or un-updated versions of Adobe Acrobat (Reader and Full) version 7 and 8. The rootkit is sent encapsulated in a PDF file and security holes in Acrobat allow the rootkit file to execute after reception. This is the entry point for the rootkit infection. Even if virus scanners peek inside PDF files, they would not be able to detect malicious code if the PDF was encrypted.
Once inside, the job of the fake "sysaudio.sys" appears to be to make it easier for its comrades (other infections) to come onboard while limiting user ability to get rid of it.
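A gateway-side triage check for the scanner blind spot described in the summary above, added here as an example and not taken from the thread or the linked write-up: it flags PDFs whose structure declares encryption or auto-running content without opening them in a viewer. The watched key list, the verdict labels and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name keys this triage pass counts (the selection is an assumption of this example).
ACTIVE = ("JavaScript", "JS", "OpenAction", "AA", "Launch")
WATCHED = ("Encrypt",) + ACTIVE

# A PDF name is "/" followed by anything except whitespace and delimiter characters.
_NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is counted as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count watched name keys in the raw bytes, without parsing or decrypting."""
    counts = dict.fromkeys(WATCHED, 0)
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(data: bytes) -> str:
    """Map the counts to a handling decision for a mail or web gateway."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    counts = scan_pdf(data)
    encrypted = counts["Encrypt"] > 0
    active = any(counts[key] for key in ACTIVE)
    if encrypted and active:
        return "quarantine"  # content is hidden and something runs on open
    if encrypted:
        return "hold"        # scanner cannot see inside; needs manual review
    return "inspect" if active else "pass"


# Constructed sample, not taken from any real file.
SAMPLE = (
    b"%PDF-1.6\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
    b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(scan_pdf(SAMPLE), verdict(SAMPLE))
```

Keys stored inside compressed or encrypted object streams are not visible to a byte scan, so a "hold" or "pass" result still leaves patching the reader as the primary mitigation.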