Follow:

 

Exploit:Win32/Pidief.B


Exploit:Win32/Pidief.B is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Threat behavior

Exploit:Win32/Pidief.B is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.
 
Installation
This exploit may be introduced into the system by viewing or opening a malicious PDF document hosted on a Web site or attached to an e-mail message. Opening the malicious PDF document in an unprotected environment could activate the exploit code on vulnerable systems.
 
Payload
Downloads Malware
In the wild, exploits have been observed to download malware from the following Web sites using HTTP:
 
78.26.179.61
 
Malicious programs downloaded from the site could be stored into the Windows system folder using filenames such as '~.exe'. At the time of this writing, the HTTP request generates a 404 error (destination requested not found).
 
Analysis by Wei Li

Symptoms

There are no common symptoms associated with this threat. This exploit is activated when opening malicious PDF documents on vulnerable computers. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.51.888.0
Latest detected by definition: 1.51.888.0 and higher
First detected on: Feb 22, 2009
This entry was first published on: Mar 02, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • CVE-2009-0658 (other)
  • Bloodhound.Exploit.213 (Symantec)