TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

07-11-2007, 11:44 PM

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.2133c5ca8369375298992f@adfree.Usenet.com. ..
> In article <hGmyi.39465$pu2.35719@bignews1.bellsouth.net>,
> jen@example.com says...
>> "Leythos" <void@nowhere.lan> wrote in message
>> news:MPG.2133b08e8e32469f98992b@adfree.Usenet.com. ..
>> > In article <Hhlyi.38215$pu2.31654@bignews1.bellsouth.net>,
>> > jen@example.com says...
>> >> "Virus Guy" <Virus@Guy.com> wrote in message
>> >> news:46C8FED8.193F48A8@Guy.com...
>> >> > Leythos wrote:
>> >> >> Our email filtering system, GFI Mail Essentials and Security
>> >> >> catches the malware in them, and they don't appear to be
>> >> >> licensed with Adobe.
>> >> > Perhaps the recent PDF malware can be detected without
>> >> > implimenting
>> >> > a complete PDF decoding/rendering engine.
>> >> The recent PDF SPAM run is *not* malware. It's just *SPAM*...
>> > Then you're just not seeing it with the tools you have. I've seen
>> > plenty listed as Generic.Peed.Eml by several products.
>> Don't you mean detected only by BitDefender(as generic)?. Probably
>> FP... Did you submit them to any other AV companies? Virus Total?
>> Jotti?
>> Recent change in Stock-Spam Tactics (PDF and excel):
>> http://isc.sans.org/diary.html?storyid=3177
> Nope, they were not detected as the above until last week, and most of
> them are still just PDF's without malware. Only certain ones are
> malware
> carriers - taking advantage of some new PDF exploit that I read about
> a
> couple weeks ago.

Could you elaborate(and provide a cite) on this "new PDF exploit" you
read about a couple weeks ago that this so-called malware that only
BitDefender detects(generically) takes advantage of? The last PDF
vulnerability AFAIK was reported in January ...
Adobe Reader/Acrobat Multiple Vulnerabilities:
http://secunia.com/advisories/23483/...ated=1#related

-jen

07-11-2007, 11:44 PM	#16
jen Guest Posts: n/a	Re: New .PDF malware (?) "Leythos" <void@nowhere.lan> wrote in message news:MPG.2133c5ca8369375298992f@adfree.Usenet.com. .. > In article <hGmyi.39465$pu2.35719@bignews1.bellsouth.net>, > jen@example.com says... >> "Leythos" <void@nowhere.lan> wrote in message >> news:MPG.2133b08e8e32469f98992b@adfree.Usenet.com. .. >> > In article <Hhlyi.38215$pu2.31654@bignews1.bellsouth.net>, >> > jen@example.com says... >> >> "Virus Guy" <Virus@Guy.com> wrote in message >> >> news:46C8FED8.193F48A8@Guy.com... >> >> > Leythos wrote: >> >> >> Our email filtering system, GFI Mail Essentials and Security >> >> >> catches the malware in them, and they don't appear to be >> >> >> licensed with Adobe. >> >> > Perhaps the recent PDF malware can be detected without >> >> > implimenting >> >> > a complete PDF decoding/rendering engine. >> >> The recent PDF SPAM run is not malware. It's just SPAM... >> > Then you're just not seeing it with the tools you have. I've seen >> > plenty listed as Generic.Peed.Eml by several products. >> Don't you mean detected only by BitDefender(as generic)?. Probably >> FP... Did you submit them to any other AV companies? Virus Total? >> Jotti? >> Recent change in Stock-Spam Tactics (PDF and excel): >> http://isc.sans.org/diary.html?storyid=3177 > Nope, they were not detected as the above until last week, and most of > them are still just PDF's without malware. Only certain ones are > malware > carriers - taking advantage of some new PDF exploit that I read about > a > couple weeks ago. Could you elaborate(and provide a cite) on this "new PDF exploit" you read about a couple weeks ago that this so-called malware that only BitDefender detects(generically) takes advantage of? The last PDF vulnerability AFAIK was reported in January ... Adobe Reader/Acrobat Multiple Vulnerabilities: http://secunia.com/advisories/23483/...ated=1#related -jen