Exploit:Win32/Pdfjsc.ADM is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerability, described in CVE-2010-0188, allows this malware to download and run arbitrary files.
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
Adobe Acrobat and Adobe Reader earlier than 8.2.1
Adobe Acrobat and Adobe Reader earlier than 9.3.1
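An added example (not part of the original entry): a Python check that flags Adobe Reader and Acrobat installs in a software inventory against the version thresholds listed above. The inventory format, the host names, and the per-branch reading of the thresholds (8.x fixed at 8.2.1, 9.x fixed at 9.3.1, anything older than 8 treated as vulnerable) are assumptions.

```python
import re

# Fixed release per product branch, from the version list above.
FIXED = {8: (8, 2, 1), 9: (9, 3, 1)}
PRODUCTS = ("Adobe Reader", "Adobe Acrobat")

# Constructed sample inventory: host,product,version
SAMPLE_INVENTORY = """\
ws-014,Adobe Reader,9.3.0
ws-022,Adobe Reader,9.3.1
ws-031,Adobe Acrobat,8.1.7
ws-040,Adobe Reader,8.2.1
ws-055,Adobe Reader,unknown
ws-061,Adobe Reader,10.1.2
"""

def parse_version(text):
    """Turn '9.3.0' or '8.2' into an integer tuple of at least 3 parts."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (3 - len(parts))  # '8.2' compares as 8.2.0
    return tuple(parts)

def is_vulnerable(version_text):
    """True or False for a readable version, None if it cannot be parsed."""
    version = parse_version(version_text)
    if version is None:
        return None
    major = version[0]
    if major < min(FIXED):
        return True  # assumption: older branches count as "earlier than 8.2.1"
    fixed = FIXED.get(major)
    return version < fixed if fixed else False  # newer branches are not listed

def audit(inventory_text):
    """Return (host, version, status) for installs that need attention."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = [field.strip() for field in line.split(",")]
        if product not in PRODUCTS:
            continue
        verdict = is_vulnerable(version)
        if verdict is None:
            findings.append((host, version, "check manually"))
        elif verdict:
            findings.append((host, version, "vulnerable"))
    return findings
```

Unparseable version strings are reported for manual review rather than silently treated as patched.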
Downloads arbitrary files
If Exploit:Win32/Pdfjsc.ADM successfully exploits a vulnerable computer, it executes shellcode to download and install other malware, including variants from the following families:
In the wild, we have observed the malware being downloaded to the %TEMP% folder with the following file names:
Note: %TEMP% refers to a variable location that is determined by the malware by querying the operating system. The default location for the All Users Profile folder for Windows 2000, XP, and 2003 is "C:\DOCUME~1\<user>\LOCALS~1\Temp". For Windows Vista, 7, and 8, the default location is "C:\Users\<user name>\AppData\Local\Temp".
Exploit:Win32/Pdfjsc.ADM is known to try to download files from the following servers:
Analysis by Marianne Mallen
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.