By Jonathan San Jose and Alan Lee
Another Adobe zero-day vulnerability was disclosed on 28 October 2010.
Adobe Flash Player 10.1 and the 9.x versions of Adobe Acrobat and Adobe Reader are affected.
Exploits taking advantage of this vulnerability have already been seen in the wild.
Cybercriminals host malicious PDF files on websites under their control and use social engineering to entice unsuspecting victims into visiting those sites and downloading the PDF.
When the victim opens the PDF in Adobe Reader, the exploit triggers and the dropped payload runs.
The threat then drops the following files onto the infected computer:-
- %Temp%\nsunday.dll
- %Temp%\nsunday.exe
Note: %Temp% refers to the user's temporary folder, in short path form. By default this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ on Windows NT/2000/XP and C:\Users\[UserName]\AppData\Local\Temp\ on Windows Vista/7.
It also adds a Run value under the following key, so that the dropper is relaunched at every logon:-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
nsunday = "%Temp%\nsunday.exe -installkys"
The malware then attempts to connect to a remote server.
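The file, registry and command-line indicators above are enough to write a host check. The script below is an added example, not PC Tools' code or the ThreatExpert tooling: it runs offline over a constructed snapshot of a host (the spellings of the user's %Temp% folder, a file listing, and the (name, data) pairs under the HKCU Run key), so the HostSnapshot structure and the sample paths are assumptions for illustration. It matches the dropped files by name and by location, and matches the Run value whether its data still holds the literal %Temp% (as a REG_EXPAND_SZ value would) or has already been expanded to the long or short path form.

```python
"""Offline check for the nsunday dropper indicators listed above."""
import re
from dataclasses import dataclass

# Indicators from the write-up: two files in %Temp% and a Run value that
# relaunches the .exe at logon with the -installkys switch.
DROPPED_FILES = ("nsunday.dll", "nsunday.exe")
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "nsunday"
RUN_VALUE_ARG = "-installkys"


@dataclass
class HostSnapshot:
    """Hypothetical structure standing in for data collected from a host."""
    temp_dirs: tuple    # every spelling of %Temp% (long and short form)
    files: tuple        # full paths seen on disk
    run_values: tuple   # (value name, value data) pairs under RUN_KEY


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; also tolerate forward slashes."""
    return path.replace("/", "\\").lower().rstrip("\\")


def _expand_temp(data: str, temp_dir: str) -> str:
    """Expand a literal %Temp% the way a REG_EXPAND_SZ value would be."""
    return re.sub(r"%temp%", lambda _: temp_dir, data, flags=re.IGNORECASE)


def find_dropped_files(snap: HostSnapshot) -> list:
    """Paths that carry a dropped file name AND sit in %Temp%. The location
    check keeps a same-named file elsewhere from counting as this indicator."""
    temps = {_norm(t) for t in snap.temp_dirs}
    hits = []
    for path in snap.files:
        folder, _, name = _norm(path).rpartition("\\")
        if folder in temps and name in DROPPED_FILES:
            hits.append(path)
    return hits


def _split_command(data: str) -> tuple:
    """Split Run value data into (exe path, arguments). Quotes are dropped
    first because the long-form temp path contains spaces."""
    cmd = data.replace('"', "").strip()
    i = cmd.lower().find(".exe")
    if i < 0:
        return cmd, ""
    return cmd[:i + 4], cmd[i + 4:].strip()


def find_run_entries(snap: HostSnapshot) -> list:
    """(value name, reason) for Run values that launch nsunday.exe from %Temp%,
    or whose name matches even though the data was changed."""
    temps = {_norm(t) for t in snap.temp_dirs}
    hits = []
    for name, data in snap.run_values:
        reason = None
        for t in snap.temp_dirs:
            exe, args = _split_command(_expand_temp(data, t))
            folder, _, base = _norm(exe).rpartition("\\")
            if base == "nsunday.exe" and folder in temps:
                reason = "launches %Temp%\\nsunday.exe"
                if RUN_VALUE_ARG in args.lower():
                    reason += " with " + RUN_VALUE_ARG
                break
        if reason is None and name.lower() == RUN_VALUE_NAME:
            reason = "value name matches"
        if reason:
            hits.append((name, reason))
    return hits


def scan(snap: HostSnapshot) -> dict:
    files = find_dropped_files(snap)
    runs = find_run_entries(snap)
    return {"files": files, "run_entries": runs, "infected": bool(files or runs)}


# Constructed sample data: one host showing all indicators, one clean host
# that only has a same-named file outside %Temp% (a deliberate near miss).
INFECTED = HostSnapshot(
    temp_dirs=(r"C:\Documents and Settings\alice\Local Settings\Temp",
               r"C:\DOCUME~1\alice\LOCALS~1\Temp"),
    files=(r"C:\DOCUME~1\alice\LOCALS~1\Temp\nsunday.dll",
           r"C:\DOCUME~1\alice\LOCALS~1\Temp\NSUNDAY.EXE",
           r"C:\DOCUME~1\alice\LOCALS~1\Temp\report.pdf"),
    run_values=(("nsunday", r'"%Temp%\nsunday.exe" -installkys'),
                ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe")),
)
CLEAN = HostSnapshot(
    temp_dirs=(r"C:\Users\bob\AppData\Local\Temp",),
    files=(r"C:\Users\bob\AppData\Local\Temp\setup.log",
           r"C:\Users\bob\Downloads\nsunday.exe"),
    run_values=(("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),),
)

if __name__ == "__main__":
    for label, snap in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, scan(snap))
```

On a live system the snapshot would be filled from a directory listing of both %Temp% spellings and from the values under the HKCU Run key; the matching logic does not change. The deliberate near miss on the clean host shows why the location is part of the indicator: a file merely called nsunday.exe in a Downloads folder is not what this write-up describes.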
To make sure that you are protected from this exploit, please ensure that IntelliGuard is switched on in PC Tools Internet Security or PC Tools Spyware Doctor with Antivirus, and follow the guidance in Adobe's advisory linked below.
ThreatExpert reports:-
- Threat Expert Report 1
- Threat Expert Report 2
Further analysis:-
- Contagion Dump Report
- Bugix Report
- Adobe Report