What’s with the malicious PDF file?

Symantec wrote: 

the PDF file will download ldr.exe file

F-Secure reports:

The PDF is spiced with CVE-2007-5020 exploit that downloads ms32.exe that downloads more components.

So I grabbed both .exe files (ms2.exe and ldr.exe) and uploaded them to Virustotal.com. The AVs should detect these files and protect users from them if they failed to detect and block the malicious PDF file.

Scan results:

Only 50% of malware scanners detected ms2.exe as malicious.

71.88% of malware scanners detected ldr.exe as malicious.

Screenshots of the results are at http://www.dozleng.com/updates/index.php?showtopic=16119
