Malicious PDFs Analysis Continued

< Call for Papers: LEET'09 and EuroSec'09 | Using Honeypots to Study Web-based Attacks >

Malicious PDFs Analysis Continued

After my initial posting about the possibility to analyze PDF files with CWSandbox we received a few more such samples. In all cases the PDF file exploits a vulnerability in Acrobat Reader once the file is opened. With the help of CWSandbox it is possible to observe this exploit and also the actions of the malware after the compromise (e.g., downloading of additional malware from another server). Please find below three additional examples of such reports:

https://cwsandbox.org/?page=report&analysisid=879663&password=vqtgp

https://cwsandbox.org/?page=report&analysisid=878305&password=utxuc

https://cwsandbox.org/?page=report&analysisid=878393&password=pmviw

If you happen to have more malicious PDFs, please submit them at cwsandbox.org :-)

This entry was posted by Thorsten Holz on Monday, January 12. 2009 at 13:18. and is filed under CWSandbox, malware. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry