EXP/CVE-5020.A - Exploit

See also

Summary

Full description

Statistics

Virus:	EXP/CVE-5020.A
Date discovered:	23/10/2007
Type:	Exploit
In the wild:	Yes
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Medium
Static file:	Yes
File size:	3.850 Bytes
MD5 checksum:	8ea902b3b52e022ad5496be996aa2065
IVDF version:	7.0.0.125

General Method of propagation:
   • Email

Aliases:
   • Mcafee: Exploit-PDF
   • Eset: PDF/Exploit.Shell.A trojan

Platforms / OS:
   • Windows XP

Side effects:
   • Disable security applications
   • Downloads a malicious file
   • Makes use of software vulnerability

Files The following file is created:

– Non malicious file:
• %current directory%\1

It tries to download a file:

– The location is the following:
• ftp://anonymous:%current username%@%computer name%@**********/ldr.exe
It is saved on the local hard drive under: %current directory%\ldr.exe Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too. Detected as: TR/Drop.LdPinch.dvx

Email It doesn't have its own spreading routine but it was spammed out via email. The characteristics are described in the following:

Email design:
Attachments:
   • BILL.PDF
   • YOUR_BILL.PDF
   • INVOICE.PDF
   • STATEMENT.PDF

Network Infection Infection process:
Creates an FTP script on the compromised machine in order to download the malware to the remote location.

See a brief description here.

Description inserted by Lutz Koch on Tue, 23 Oct 2007 15:57 (GMT+1)
Description updated by Lutz Koch on Wed, 24 Oct 2007 12:18 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back