Tettnang, 9 March 2010 – Mid February Adobe released new versions of Reader and Acrobat. Avira now detected specially prepared PDF files which abuse the vulnerabilities which are fixed within the new release.

Upon opening the malicious PDF files vulnerable versions of the Adobe software crash. In the background, malicious code gets executed which creates a malware file named “a.exe” in the system root directory “C:\”. Avira security solutions detect this component with AHeAD heuristics as “TR/Downloader.Gen”; with one of the next updates of the virus definition files the Trojan is named “TR/Dldr.Zitan.A”.

Additionally, the autorun entry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Adobe_RLX=”c:\%filename%.exe reader”
is added to the windows registry so the malware gets active after a reboot of the computer. After that, Zitan.A tries to resolve the addresses ftp.tia***.***.biz and tia***.***.biz with DNS requests.

With the virus definition files in version 7.10.05.06 Avira antimalware solutions detect the specially prepared PDF file as “EXP/Pidief.axa”. Users of Avira are therefore protected. To be safe from such threats users should always keep their software up to date – the updates from Adobe are available for 3 weeks already. Additionally users shouldn’t open files with unknown origin.

Avira’s free basic protection Avira AntiVir Personal already detects the malware. More extensive protection packages such as Avira AntiVir Premium use WebGuard to filter out malware from the data stream before it ever reaches the web browser. Avira AntiVir Premium costs €19.95 for one year. Avira Premium Security Suite provides all-round protection: It complements the features of Avira AntiVir Premium with a firewall to protect against attacks from the network, combats spam and performs backups, for the price of €39.95.

Avira GmbH is a leading global provider of IT security solutions for professional and private use. With over twenty years of experience, the company is one of the pioneers in this field. As a foundation member of the initiative “IT Security made in Germany” (ITSMIG e.V.), Avira guarantees that it provides IT security products with no backdoors.

The German IT security expert is headquartered in Tettnang near Lake Constance and maintains several subsidiaries worldwide. Avira employs approximately 300 staff and makes a significant contribution towards the security of millions of private users through its free virus protection, Avira AntiVir Personal.

Domestic and international customers include well-known companies listed on global stock exchanges, educational establishments and government authorities. In addition to protecting the virtual environment, Avira promotes the Auerbach Foundation for greater protection and security in the real world. The Auerbach Foundation supports charitable and social projects, as well as art, culture and science.

Related Posts

No related posts.