Is anything truly secure...

One Comment on “Analyzing PDF files and Shellcode”

  1. Dave
    This comment actually involves several of your recent articles. There is a new drive-by Storm attack! This attack now includes an additional attack method, a compromised Adobe Acrobat (PDF) file, as described in this article. It also includes a new, updated two-stage multi-vector attack similar to what was reported here in early May (now includes code to download & execute two different payload files from different locations - is Storm subletting? - as well as a new, very irritating combination of AV evasion/obfuscation techniques). It also now includes a third attack method, based on a Microsoft Office SnapShot Viewer ActiveX exploit. This attack is also serving up files directly by an IP address, which also happens to be right next door to the IPs you mentioned being used by and the spewing spambots in your Comment Spam & PPC Redirection article! I have confirmed that these virus files are being served up from the same "bulletproof" Panamanian hosting service you mentioned! The scariest part, however, is how they appear to be spreading this. From what I can tell, it appears this may be being spread via infected banner ads displayed on legit sites and served up from affiliate ad services! Yikes! I am E-MAILing you the details, but wanted to make sure that you saw this right away!


Copyright © 2014 SudoSecure LLC. All rights reserved.
