2. Spreading path and symptoms of infection
This malicious file exploits the CVE-2011-2462 vulnerability. It is a PDF and can be spread as an e-mail attachment or through a link. If a system is infected, the U3D memory tampering flaw can hand control of the system to the attacker.
The malicious PDF carries injected shellcode, and its visible content is a survey (ManTech Employee Satisfaction Survey).
When the malicious PDF file is opened, the injected shellcode is executed. The PDF file then generates additional malicious files, as follows.
The additional malicious files are known to communicate constantly with an external C&C server; however, all related sites have been blocked.
3. How to prevent
Adobe announced that a security update for this vulnerability, covering Adobe Reader 9.x and Adobe Acrobat 9.x for Windows, would be available by Dec 12. Adobe Reader X and Adobe Acrobat X, however, can protect themselves from the vulnerability by using safe mode and safe view.
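Until the update is installed, PDF attachments can also be screened before they reach a reader. The following is an added example, not code from INCA Internet or Adobe: it flags PDFs that declare embedded U3D/3D content, the feature this vulnerability involves. The function names, the quarantine policy and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF names may hide characters as #xx hex escapes (e.g. /#553D is /U3D).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name is "/" followed by anything up to PDF whitespace or a delimiter.
_NAME = re.compile(rb"/[^\s\x00/<>\[\]()%{}]+")

# Names that mark embedded 3D artwork (3D annotations and U3D streams).
U3D_NAMES = {b"/U3D", b"/3D", b"/3DD"}
# Names that mark script or automatic actions, reported as extra context.
ACTIVE_NAMES = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA"}


def decode_name(token: bytes) -> bytes:
    """Undo #xx escapes inside a PDF name token."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def triage_pdf(data: bytes) -> dict:
    """Report U3D and active-content names found in raw PDF bytes.

    Limits: names inside compressed object streams are not visible here,
    and binary stream data can produce false hits, so a clean result is
    inconclusive and a hit means "inspect", not "malicious".
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF")
    names = {decode_name(t) for t in _NAME.findall(data)}
    u3d = sorted(n.decode() for n in names & U3D_NAMES)
    active = sorted(n.decode() for n in names & ACTIVE_NAMES)
    # Assumed policy: hold any attachment that carries 3D content.
    return {"u3d": u3d, "active": active, "quarantine": bool(u3d)}


# Constructed samples (not taken from the malicious file described above).
SAMPLE_3D = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /3D /Subtype /#553D /Length 0 >>\n"
    b"stream\n\nendstream\nendobj\n"
    b"3 0 obj\n<< /S /JavaScript /JS () >>\nendobj\n%%EOF\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_3D))
    print(triage_pdf(SAMPLE_PLAIN))
```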
INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.