--------Updated on 12-Oct-2012------
“Exploit-PDF!Blacole” is the detection for specially designed PDF files that attempt to exploit software vulnerabilities in Adobe Acrobat and Adobe Reader.
Trojan checks the installed component versions such as Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 and allows the attacker to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Upon execution the Trojan tries to connect the below URL though remote port 53 in order to download the other payloads and it listens to an random port
-------- Updated on 19-Apr-2012 -----
- Kaspersky - Exploit.JS.Pdfka.frz
- Microsoft - Exploit:Win32/Pdfjsc.RM
- NOD32 - JS/Exploit.Pdfka.PJU
- Sophos - Troj/PDFJS-WD
The downloaded file may be saved in the Temp folder with any of the following names:
More information about this vulnerability as described in CVE-2010-0188.
Exploit-PDF!Blacole is the detection for specially-crafted PDF files that exploit the vulnerability in Adobe Acrobat.
It checks for the version of adobe installed in the system and exploit accordingly. It will work with any version above 8.0 of adobe reader
On successful exploitation of a vulnerable application, malicious code gets executed and it will download the malicious samples from the following links and executes them.