PDF Launch Vulnerability

If you’ve been sleeping on the Adobe Acrobat and Reader /Launch vulnerability, it’s time to consider taking mitigating steps. The proof of concept presented by Didier Stevens uses the /Launch functionality that is part of the PDF specification in order to execute arbitrary code. Because this was a problem with the PDF specification, the …

Mal/Dropper-L

We had a couple of viruses get past MessageLabs last night. That is not something I normally see. Both files were named lgame.zip and contained a single file, lgame.exe. The subject of the message was “Hot Pictures.” Sunbelt Software’s analysis of this file is really good. You can view that online here. The email messages were …

FDF Spam

F-Secure is reporting in their blog that they are seeing spam in FDF file attachments. FDF files will open in Adobe Reader. Spammers are using this as their latest attempt to bypass spam filters.

Delf.aki

The HTTP gateway detected the Delf.aki virus in a file, profilewatcher_setup.exe, which one of my users tried to download. Just for kicks I uploaded it to the VirusTotal site and here’s the result. File size: 985897 bytes MD5: 837c3036adf45c11a45c8a2f356c060e SHA1: ef7311d94a80962d886befefb6bc08f03941f3e4 packers: BINARYRES Antivirus Version Update Result AhnLab-V3 2007.5.21.1 05.22.2007 no virus found AntiVir 7.4.0.27 …

More Stormwatch

F-Secure has a blog entry on the latest virus variants from the Stormwatch virus. Subject: So Unique Feeling Horny? Full Heart Sending Kiss Just You Heart of Mine I Love You Soo Much [events]Our Wedding Day Love at first sight Dream Date Coupon Back Together Attachment: flash postcard.exe postcard.exe greeting postcard.exe Greeting Card.exe Those are just …

F-Secure: postcard.exe spam run

F-Secure blogged this morning about a large-scale spam run underway sending messages with the attachment postcard.exe and the subject “Happy New Year!” I saw that at my site last night. Actually, I probably wouldn’t have even noticed all those detections, but I re-enabled the filters on my BlackBerry so it doesn’t get filled up …
