Outbreak Name: PDF Virus Outbreak
Outbreak Date: 10-26-07
Virus-Infected PDF Files Circulate Via Email
Outbreak Filters Protects Users Hours Before AV Signatures
Background
IronPort's Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent "PDF Virus Outbreak", Outbreak Filters protected customers 1 hour and 27 minutes* before the first major anti-virus vendor provided protection and over 3 hours ahead of the average major anti-virus vendor.
Outbreak Details
On October 26th, 2007, malicious PDF files were distributed via email to hundreds of thousands of recipients. The emails were disguised as bank statements, with subjects such as "report", "debt2007", "overdraft.2007.10.26" and attachment names including "Your credit report", "Your balance report" and "Personal Credit Points". The outbreak occurred very quickly, lasting less than 8 hours.
Once opened, the malicious PDF file used a recently discovered PDF vulnerability to install a Trojan that allows remote hackers to take over the infected PC. Once taken over, hackers can use the computer to send spam and host spyware. Remote hackers can also install key loggers and screen scrapers onto the infected PC to steal personal, confidential and financial information without the user's knowledge.
Timeline

* Vendor signature times per AV-Test. Signature times from the following vendors: Sophos, Trend Micro, Symantec and McAfee. Generic signatures not included.








