1. /
  2. Security Response/
  3. Trojan.Pidief.C

Trojan.Pidief.C

Risk Level 2: Low

Discovered:
February 9, 2008
Updated:
February 10, 2008 9:55:12 AM
Also Known As:
Exploit-PDF.b [McAfee]
Type:
Trojan
Infection Length:
3,180 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
CVE References:
CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0655, CVE-2008-0667, CVE-2008-0726, CVE-2008-2042
Trojan.Pidief.C is a Trojan horse that exploits the Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641) to download and execute files from the Internet.

Further Reading
For more information, please see the following resources:


Symantec Endpoint Protection – Application and Device Control

Symantec Security Response has developed an Application and Device Control (ADC) Policy for Symantec Endpoint Protection to protect against the activities associated with this threat. ADC policies are useful in reducing the risk of a threat infecting a computer, the unintentional removal of data, and to restrict the programs that are run on a computer.

This particular ADC policy can be used to help combat an outbreak of this threat by slowing down or eliminating its ability to spread from one computer to another. If you are experiencing an outbreak of this threat in your network, please download the policy.

To use the policy, import the .dat file into your Symantec Endpoint Protection Manager. When distributing it to client computers, we recommend using it in Test (log only) mode initially in order to determine the possible impacts of the policy on normal network/computer usage. After observing the policy for a period of time, and determining the possible consequences of enabling it in your environment, deploy the policy in Production mode to enable active protection.

For more information on ADC and how to manage and deploy them throughout your organization, please refer to the Symantec Endpoint Protection Administration Manual (PDF).

Note: The ADC policies developed by Security Response are recommended for use in outbreak situations. While useful in such situations, due to their restrictive nature they may cause disruptions to normal business activities.

Antivirus Protection Dates

  • Initial Rapid Release version February 9, 2008 revision 007
  • Latest Rapid Release version June 21, 2013 revision 006
  • Initial Daily Certified version February 9, 2008 revision 008
  • Latest Daily Certified version June 21, 2013 revision 016
  • Initial Weekly Certified release date February 13, 2008
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: 50 - 999
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Exploits a vulnerability to download and execute remote files.

Distribution

  • Distribution Level: Low
Writeup By: Mircea Ciubotariu and Sean Kiernan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver