Another Adobe Flash 0day Vulnerability CVE-2010-3654

By Jonathan San Jose and Alan Lee

Another Adobe zero-day vulnerability was discovered on 28th October 2010.
Version 10.1 of Adobe Flash and Version 9.x of Acrobat and Acrobat Reader are vulnerable to this attack.
Exploits taking advantage of this vulnerability have surfaced in the wild.
Cybercriminals may host the malicious exploit PDF files on malicious websites and use social engineering techniques to entice unsuspecting victims to visit these websites and download the PDF files.

Once executed, the threat will open the PDF file in Adobe Acrobat Reader.


The threat will then drop the following files onto the infected computer:
- %Temp%\nsunday.dll
- %Temp%\nsunday.exe
Note: %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp (Windows NT/2000/XP).
It will also create a registry entry:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
nsunday = "%Temp%\nsunday.exe -installkys"
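
The indicators above can be checked offline against saved `reg query` output for the Run key. The following Python sketch is an added example, not code from the original post or from PC Tools; it flags the nsunday value and, going beyond the post, any autorun that launches from a temp folder. The temp-path spellings and the sample output are assumptions constructed for illustration.

```python
import re

# Indicators taken from the write-up above.
IOC_VALUE_NAME = "nsunday"
IOC_FILES = {"nsunday.exe", "nsunday.dll"}

# Assumption: temp-folder spellings treated as suspicious launch locations
# (unexpanded variable, XP long and 8.3 short forms, Vista and later).
TEMP_MARKERS = ("%temp%\\", "\\local settings\\temp\\",
                "\\locals~1\\temp\\", "\\appdata\\local\\temp\\")
LINE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def parse_run_values(reg_query_output):
    """Yield (name, data) for each value line in `reg query` text output."""
    for line in reg_query_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def executable_of(command):
    """Return the program path from a Run command line, without arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def findings(reg_query_output):
    """Return a list of (value name, reason) for suspicious Run entries."""
    out = []
    for name, data in parse_run_values(reg_query_output):
        exe = executable_of(data).lower()
        base = exe.rsplit("\\", 1)[-1]
        if name.lower() == IOC_VALUE_NAME or base in IOC_FILES:
            out.append((name, "matches nsunday indicator"))
        elif any(marker in exe for marker in TEMP_MARKERS):
            out.append((name, "autorun from temp folder"))
    return out

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    nsunday    REG_SZ    C:\DOCUME~1\alice\LOCALS~1\Temp\nsunday.exe -installkys
    Updater    REG_SZ    "C:\Documents and Settings\alice\Local Settings\Temp\upd.exe" /s
"""

if __name__ == "__main__":
    print(findings(SAMPLE))
```

A hit on the value name or file name should be followed by checking the temp folder for both dropped files, since the Run entry only references the .exe.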

The malware then attempts a connection to a remote server.
To make sure that you are protected from this exploit, please ensure that Intelliguard is switched on in PC Tools Internet Security or PC Tools Spyware Doctor with Antivirus.

ThreatExpert reports:-
Threat Expert Report1
Threat Expert Report2

Further Analysis:
Contagion Dump Report
Bugix Report
Adobe Report
