Is anything truly secure...

One Comment on “Analyzing PDF files and Shellcode”

  1. Dave
    This comment actually involves several of your recent articles. There is a new drive-by Storm attack! This attack now includes an additional attack method, a compromised Adobe Acrobat (PDF) file, as described in this article. It also includes a new, updated two-stage multi-vector attack similar to what was reported here in early May (now includes code to download & execute two different payload files from different locations - is Storm subletting? - as well as a new, very irritating combination of AV evasion/obfuscation techniques). It also now includes a third attack method, based on a Microsoft Office SnapShot Viewer ActiveX exploit. This attack is also serving up files directly by an IP address, which also happens to be right next door to the IPs you mentioned being used by flora.pl and the spewing spambots in your Comment Spam & PPC Redirection article! I have confirmed that these virus files are being served up from the same "bulletproof" Panamanian hosting service you mentioned! The scariest part, however, is how they appear to be spreading this. From what I can tell, it appears this may be being spread via infected banner ads displayed on legit sites and served up from affiliate ad services! Yikes! I am e-mailing you the details, but wanted to make sure that you saw this right away!


Copyright © 2014 SudoSecure LLC. All rights reserved.
