Exploit:JS/Pdfka.TI is an exploit that can take advantage of two vulnerabilities in a single PDF file in order to download malicious binary files (usually Trojan-Downloader:W32/Bredolab variants) onto the system.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The vulnerabilities exploited are:
Adobe Reader and Acrobat versions 8.1.2 and earlier are affected by the vulnerabilities exploited by this malware.
Once the vulnerabilities are exploited, binary files are downloaded from:
The downloaded files are saved in the Temporary directory using the following filenames:
The files are then executed.