Symptoms
No obvious symptoms.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Balazs Biro, jr. virus researcher
Technical Description:
This is a malicious JavaScript that tries to exploit vulnerabilities found in Adobe Acrobat Reader and Adobe Flash Player.
When a malicious site is accessed, the script will launch two ActiveX objects: AcroPDF.PDF or PDF.PdfCtrl for the PDF file, and ShockWaveFlash.ShockwaveFlash for the SWF file. These will download and open a PDF file named "readme.pdf" and a SWF file named "flash.swf", respectively, both containing exploits.
As a result of opening these files, a malicious executable will be downloaded and executed.
At the moment of writing the download URL was http://sitesupports.cn/[removed]?id=0, the downloaded executable being detected as Backdoor.Zdoogu.F.
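A defender-side check for the indicators named above, as an added example that is not part of the original description or of BitDefender's detection logic: it scans a captured page body for the listed ActiveX ProgIDs and file names. The function name, the sample pages and the rule that all three indicator types must be present together are assumptions made for illustration.

```python
import re

# ProgIDs and file names taken from the description (ProgIDs are case-insensitive).
PDF_PROGIDS = {"acropdf.pdf", "pdf.pdfctrl"}
FLASH_PROGIDS = {"shockwaveflash.shockwaveflash"}
PAYLOAD_NAMES = {"readme.pdf", "flash.swf"}

# Matches the seam of a split literal such as "Acro" + "PDF.PDF".
_CONCAT = re.compile(r"""(["'])\s*\+\s*\1""")
# Captures the ProgID passed to new ActiveXObject("...").
_ACTIVEX = re.compile(r"""new\s+ActiveXObject\s*\(\s*["']([^"']+)["']""", re.I)


def analyze(page: str) -> dict:
    """Report which indicators from the description appear in a page body."""
    joined = _CONCAT.sub("", page)  # glue split string literals back together
    progids = {p.lower() for p in _ACTIVEX.findall(joined)}
    pdf = progids & PDF_PROGIDS
    flash = progids & FLASH_PROGIDS
    names = {n for n in PAYLOAD_NAMES if n in joined.lower()}
    return {
        "pdf_controls": sorted(pdf),
        "flash_controls": sorted(flash),
        "payload_names": sorted(names),
        # Assumption: one ProgID alone is ordinary plugin detection, so a match
        # requires a PDF control, the Flash control and a named file together.
        "match": bool(pdf and flash and names),
    }


# Constructed sample pages (no exploit content), used only to exercise the check.
SAMPLE_MATCH = '''<script>
var p = new ActiveXObject("Acro" + "PDF.PDF");
var f = new ActiveXObject("ShockWaveFlash.ShockwaveFlash");
</script>
<embed src="readme.pdf"><embed src="flash.swf">'''

SAMPLE_BENIGN = (
    '<script>try { new ActiveXObject("ShockwaveFlash.ShockwaveFlash"); }'
    " catch (e) {}</script>"
)

if __name__ == "__main__":
    for label, body in (("match", SAMPLE_MATCH), ("benign", SAMPLE_BENIGN)):
        print(label, analyze(body))
```

A hit from this check is a triage signal for proxy or crawler captures, not a verdict; the fetched PDF and SWF files still need to be scanned.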