Malware authors have long taken advantage of high-profile incidents and trends to infect naive Internet users with malware. Historically, we have come across innumerable incidents like Michael Jackson’s demise or the Benazir Bhutto assassination as an avenue to spread malware.
We have seen instances from recent times where FIFA World Cup themes have been extensively used as bait to lure unsuspecting users into opening malicious attachments. With lots of recently discovered vulnerabilities and widespread distribution, PDF files are a perfect vector for these kind of attacks. These threats can be delivered as emails or poisoned search-engine results leading to malicious PDFs.
This particular PDF file is directed at certain high-profile targets. Upon executing the malicious PDF file on a vulnerable version of Adobe Reader or Acrobat, it drops an innocent PDF file as shown in the figure below to spoof the unsuspecting user.
This PDF exploits a vulnerability in the way Adobe Acrobat and Reader handle TIFF files and affects all Versions 9.3 and earlier.
This malicious PDF drops and executes a malicious payload detected as BackDoor-ERZ, while the malicious PDF is detected as Exploit-pdf.b with McAfee’s 6022 DATs.