Millages.net pdf virus? You don't even have to download it to be infected...

Discussion in 'Security' started by AzzidReign, Apr 2, 2010.

  1. #1
    My users have been complaining about viruses for a few months now and I thought that I had removed the ad network responsible for this, but it seems to be multiple networks...or some how injecting into whatever js my ad codes have (because those without the ads aren't getting this).

    I wanted to know if anyone else was having problems with millages.net downloads. It comes up as pdf.pdf, terms.pdf, or tos.pdf (not sure on the last one, it's something like that, maybe contact.pdf).

    Here's one image/example:
    [​IMG]

    I've looked into it a little bit and saw a few sites were having the same issue but didn't see that any of them solved it. Apparently your computer becomes infected the minute that download pops up...you don't even have to download and run it.

    So I hope someone can help me with this... :(
     
    AzzidReign, Apr 2, 2010 IP
  2. SirGod

    SirGod Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Practically, PDF's can't be infected. Maybe the PDF was a crafted one, the attacker may created an exploit based on a vulnerability in your PDF reader(usually Adobe) and the antivirus found it.
     
    SirGod, Apr 13, 2010 IP
  3. Actaviosan

    Actaviosan Guest

    Messages:
    216
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    PDF files can not be infected. Maybe the malware/virus was coded based on some PDF reader's vulnerability.
    Also, check logs if any breach in occured, what IP did that file come from, etc...
    It's practically a code that when a user comes to view your website it automatically downloads and executes the file.
     
    Actaviosan, May 5, 2010 IP