Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: Unknown
Payload: Disables Windows Firewall, downloads and installs malware
Detection files published: 23 Oct 2007 03:00:00
Description created: 24 Oct 2007 11:44:00
Description updated: 24 Oct 2007 11:44:00
Malware type: UNKNOWN
Alias: EXPL_PIDIEF.B, Trojan.Pidief.A
Spreading mechanism: EMAIL

Summary

PDF/Pidief.A

Spreading

This trojan is spammed out by email. Some of the subject lines are:

INVOICE alacrity
INVOICE depredate
STATEMET indigene

And the following filenames:

BILL.pdf
INVOICE.pdf
YOUR_BILL.pdf
STATEMET.pdf

Payload Details

If this Trojan is opened on a vulnerable system, it will disable the Windows Firewall, then use FTP to download a file called ldr.exe. It will then execute the file ldr.exe. This file is detected by Lumension Virus Control as W32/Smalldrp.NWB (see the tab Additional descriptions for the SandBox analysis of this file).

Analysis

n/a

Removal

This trojan is detected and removed by Lumension's second release of virus detection files on 24 October 2007, at 16:49 UTC.


Last Updated: 12 Nov 2015 11:06:15