Are you a gadget geek? Do you often seek advice from Gadget Advisor before making a purchase?
One of our Web Security Analysts discovered a malicious IFrame on the popular tech website that redirects visitors to a malicious website.
If the site detects a PDF browser plugin for Adobe Acrobat and Reader, it loads a specially-crafted malicious PDF file that exploits a stack-based buffer overflow vulnerability (CVE-2008-2992).
The attack calls the util.printf JavaScript function to trigger the overflow, then connects back to the malicious website to download a trojan, detected as Trojan-Downloader.Win32.Agent.brxr, onto the vulnerable system. Once the machine is infected with the trojan, a remote attacker can access it.
Below is the readable code contained within the malicious PDF file.
This attack is targeted against older, unpatched versions, as the latest Adobe updates have already fixed this problem. More information and the updates can be found on adobe.com at http://www.adobe.com/support/security/bulletins/apsb08-19.html.
Disabling JavaScript in Acrobat and Reader will also prevent the threat from proceeding.
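For triage of PDFs collected from a web proxy or mail gateway, the following added example (not code from this post or from the vendor's tooling) flags files that carry a JavaScript action and a util.printf call, the two features this attack depends on. The function names and sample files are constructed for illustration, and because util.printf is a legitimate API, a hit means the file needs review, not that it is malicious.

```python
import re
import zlib

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_NAME = re.compile(rb"/(?:JavaScript|JS)\b")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
PRINTF = re.compile(rb"util\s*\.\s*printf\s*\(")


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names, so /J#53 is read as /JS."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data: bytes):
    """Yield each stream body, inflated when it is valid zlib (FlateDecode)."""
    for match in STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # other filter or unfiltered: scan it as stored


def triage_pdf(data: bytes) -> list:
    """Return review flags for one file; an empty list means nothing matched."""
    if b"%PDF-" not in data[:1024]:
        return ["not-a-pdf"]
    flags = []
    if JS_NAME.search(decode_names(data)):
        flags.append("javascript-action")
    if any(PRINTF.search(chunk) for chunk in [data, *stream_bodies(data)]):
        flags.append("util.printf-call")
    return flags


# Constructed samples (simplified, no xref table): a benign script behind
# escaped /JavaScript and /JS names, and a file with no script at all.
SCRIPT = zlib.compress(b'util.printf("%d", 1);')
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /J#53 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + SCRIPT + b"\nendstream\nendobj\n%%EOF\n"
)
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_FLAGGED), triage_pdf(SAMPLE_CLEAN))
```

The check only inflates FlateDecode streams; scripts hidden behind other filters, object streams or encryption need a full PDF parser.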