We recently received an email supposedly from Puremobile – a supplier of unlocked cellphones. Similar emails were also received with “order info” from Bobijou (a costume jewelry designer). The “order confirmation” included a PDF file as shown below.
The execution of the script found above results in the exploitation of the CVE-2010-0188 vulnerability (libTiff overflow). We detect this malware as “PDF/Obfusc.Q!Camelot”. Once installed, the code downloads and executes other malware. Since this is a known exploit, the latest versions of Adobe Reader include protection.
Protecting against PDF malware
- In Reader, select Edit -> Preferences
- Click OK.