The Trojan may arrive on the compromised computer as a spammed email attachment, through a malicious link, or through Web browser redirects.
When the Trojan executes, it attempts to exploit the Adobe Reader PDF File Handling Remote Code Execution Vulnerability (BID 33751) in Adobe Acrobat Reader 8 and 9.
Next, the Trojan attempts to drop and execute the following files on the compromised computer:
The Trojan opens a back door on the compromised computer.
It then contacts the following remote host in order to steal information from the compromised computer:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":