Malicious PDF file has a variant and it’s undetected by several AV

The first few malicious PDF files that I received 3 days ago were sent from Germany. Today, I received 4 of the PDF files, and they were sent from US and Panama networks.

Scanning via VirusTotal showed that only 7 out of 32 scanners detect the variant, which is understandable if they don’t have a copy yet.

I posted the screenshots over at http://www.dozleng.com/updates/index.php?s=&showtopic=16119&view=findpost&p=70086 as my reply to my initial alert. 3 out of 4 have the same file size and checksum.

Hopefully the submissions I made through the VirusTotal free online scanner service will be distributed soon (to the anti-malware vendors) for further analysis at their own labs, so that they can add detections for it.

Again, if you have not updated your Adobe Reader or Acrobat Reader (if installed), update soon to v8.1.1. Do not open unexpected emails with attachments (especially if the anti-malware scanner is not fast enough to detect variants that are in the wild). If possible, use MailWasher from Firetrust. MailWasher lets you preview your emails without downloading them to your hard drive, and this allows you to delete bad emails (from your ISP’s server) before you fire up your mail program to get the “good” emails.
