Malware
Mac
Facebook
Android
Vulnerability
Data loss
Privacy
More...

Search for:

Hacker's mother stands against Jack Straw in UK election

Troj/PDFEx-DF: SophosLabs sees malware exploiting /Launch

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.

Don't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos.

Hi there! If you're new here, you might want to subscribe to our RSS feed for updates.

Already using Google+? Find us on Google+ for the latest security news.

On LinkedIn? Join the Naked Security discussion group and connect with your peers in the security industry.

Sorry, something happened and we couldn't sign you up. Please come back later and try again.

Congratulations, you've successfully signed up for our daily news! Check your inbox soon, we've sent you an email.

Sorry, we won't accept that email address. Please try a different address.

We're adding your address to our list...

Join thousands of others, and sign up for Naked Security's newsletter

by SophosLabs on April 12, 2010 | Leave a comment

Filed Under: Malware, SophosLabs

Last week, I talked about how to disable some functionality in Adobe Acrobat (see blog).

This morning, we released generic detection for something we call Sus/PDFJs-S. Sophos will generically detect PDF files which use this functionality to run executables.This afternoon, I have just written detection for the first malicious PDF using this technique (Troj/PDFEx-DF).

When you open a file with Troj/PDFEx-DF you will be presented with the following:

If you were to ignore the obvious spelling mistake Troj/PDFEx-DF would drop and execute:

c:\windows\system32\ActiveX.exe

Which will be detected as Troj/Agent-MYJ.

Share

Email
Tweet
Buffer
Hacker News
App.Net
Pocket

Hacker's mother stands against Jack Straw in UK election

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Username *

Comment

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

Popular
Recent
Related

sc-250

Snapchat images that have "disappeared forever" stay right on your phone...

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

Congress asks Google if and how it's protecting privacy with Glass

Congress asks Google if and how it's protecting privacy with Glass

Want to see who has viewed your Facebook profile? Take care..

Rihanna sex video event scam spreads on Facebook

Rihanna sex video event scam spreads on Facebook

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

Revenge-porn website victim files suit against ex and four porn sites

Revenge-porn website victim files suit against ex and four porn sites

Apple iMessage "censors" mention of Obama: international conspiracy...or software bug?

AusSHIRT 2013 - the #sophospuzzle instructions in full

sscc109-250

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

Congress asks Google if and how it's protecting privacy with Glass

Congress asks Google if and how it's protecting privacy with Glass

Monday review

Monday review - the hot 24 stories of the week

Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

anonymous-lulzsec-170

Interview with 'We are Anonymous' author Parmy Olson [PODCAST]

Who ordered spam? New trick in PDF malware uncovered

Who ordered spam? New trick in PDF malware uncovered

Insecure WordPress blogs unwittingly host Blackhole malware attack

Insecure WordPress blogs unwittingly host Blackhole malware attack

nbc-tower-250

NBC website hacked and distributes malware - here's what happened

Targeted malware attack shows how Fast Fingerprinting works

Targeted malware attack shows how Fast Fingerprinting works

reception-thumb

Jobs website of major hotel chain serving malware, linked to other attacks

Beware Changelog spammed-out malware attack

Beware Changelog spammed-out malware attack

tsunami-2-thumb

Mac malware: Tsunami backdoor variants discovered

NYC Traffic Ticket spam is really Blackhole malware attack

NYC Traffic Ticket spam is really Blackhole malware attack

iStock_WarningVirus250

You practice safe computing, so why do you still see malware?

Video posts

More videos this way

Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres) [VIDEO]

When is a password not a password? When Excel sees VelvetSweatshop

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Sophos CEO suffers from a watery end for Comic Relief

Sophos CEO suffers from a watery end for #ComicRelief

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]

Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]

About Naked Security
About Sophos
Our Authors
Awards
Got a story for us?

Tags

Adobe Android anonymous Apple Cybercrime data loss DDoS Exploit Facebook Fake anti-virus General Google hacking iPhone IT Malware Microsoft password phishing Privacy Scam scareware Spam Survey Scam Twitter Video vulnerability web web 2.0 WWW

Categories

Adobe (339)
BlackBerry (82)
Clickjacking (70)
Cryptography (171)
Data loss (1850)
Denial of Service (317)
Featured (5940)
Firefox (168)
Google (245)
Internet Explorer (279)
iOS (318)
Law & order (2461)
Linux (69)
Malware (2445)
Mobile (397)
OS X (202)
Privacy (2400)
Social networks (1101)
Technologies (14)
Uncategorized (147)
Vulnerability (1078)
Web Browsers (169)
Windows (223)
Windows phone (40)

Archives by month

May 2013 (64)
April 2013 (94)
March 2013 (103)
February 2013 (96)
January 2013 (109)
December 2012 (52)
November 2012 (103)
October 2012 (113)
September 2012 (91)
August 2012 (110)
July 2012 (92)
June 2012 (91)
May 2012 (99)
April 2012 (79)

Download some free tools

Free anti-virus for your MacFree antivirus that works simply and beautifully
Free Android protectionFree antivirus for all your Android devices
More free tools...

Take a look at our products

Endpoint
Encryption

Mobile
Network

Email
Web

Try out our free trials and demos

Investigate the threats

Virus and spyware analyses
Threat Center
Inside SophosLabs

© 1997-2013 Sophos Ltd. All rights reserved
Legal
Privacy
Cookies
Disclaimers

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.