
Virus Messenger - Pidief Trojan spreads in PDF files

The Pidief.D Trojan spreads by exploiting vulnerabilities in Adobe Acrobat and Reader.

Pidief.D Trojans try to infect as many computers as possible, primarily through emails. These emails may contain attachments or links to various malicious websites or redirects. As soon as the Trojan is installed on a computer, it downloads additional malicious applications from predefined remote servers. These include additional viruses and malware. However, the most interesting feature of Pidief.D is that it uses a vulnerability discovered in some Adobe applications to try to infect selected systems and then perform malicious activity on them.


The vulnerability in Adobe Acrobat and Reader came to light in early November. Since then, the company has released new versions of both products that no longer contain it. You can therefore protect yourself effectively against the Trojan by updating the affected Adobe software.

When the Pidief.D Trojan starts, it performs the following actions:

  1. It attempts to exploit one of the vulnerabilities in Adobe Reader.
  2. It downloads malicious programs over the Internet and saves the downloaded files under random file names.
  3. It launches the downloaded programs.
  4. It creates the following files in the Windows Temp directory:
    %Temp%\xpre.exe
    %Temp%\prun.exe
    %Temp%\wavvsnet.exe
    %Temp%\snapsnet.exe
    %Temp%\asesnet.exe
    %Temp%\searsnet.exe
    %Temp%\incasnet.exe
    %Temp%\winvsnet.exe
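
One way to check a Windows machine for the file names listed above, as an added example that is not part of the original article. The set of Temp directories searched and the per-profile paths are assumptions about the system layout; only the eight file names come from the list.

```powershell
# File names taken from the list above; everything else is an assumption.
$names = 'xpre.exe','prun.exe','wavvsnet.exe','snapsnet.exe',
         'asesnet.exe','searsnet.exe','incasnet.exe','winvsnet.exe'

# Candidate Temp directories: the current user's, the machine-wide one,
# and the default location under each local profile (assumed layouts).
$dirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))
$profileRoot = Split-Path $env:USERPROFILE -Parent
Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dirs += Join-Path $_.FullName 'AppData\Local\Temp'    # Vista and later
        $dirs += Join-Path $_.FullName 'Local Settings\Temp'   # XP-era layout
    }

# A directory reachable under two spellings (short and long path) may be listed twice.
$hits = foreach ($dir in ($dirs | Where-Object { $_ } | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            # Record metadata and a hash so the file can be triaged without running it.
            [pscustomobject]@{
                Path       = $item.FullName
                Length     = $item.Length
                CreatedUtc = $item.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256 `
                                 -ErrorAction SilentlyContinue).Hash
            }
        }
    }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else { 'None of the listed file names were found in the checked Temp directories.' }
```

A match on file name alone is a lead to investigate, not proof of infection. Because the Trojan also saves downloaded files under random names, an empty result does not rule it out.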
