Adobe exploit puts backdoor on computers

New exploit targeting Adobe is Trojan horse hiding JavaScript that drops a backdoor onto the compromised computer, Trend Micro says.

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.

Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt," and then drops a backdoor called "Bkdr_Protux.Bd."

The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary codes in a technique known as "heap spraying."

"Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file" before extracting and executing the backdoor, Trend Micro said. The backdoor "is also embedded in the PDF file and not the usual file downloaded from the Web."

Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.

Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft's Patch Tuesday.

This screenshot shows the embedded executable file in the PDF file, after it has been decrypted. Trend Micro

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

The Next Big Thing

Consoles go wide and far beyond gaming with power and realism.