BLOGS: M86 Pushdo warning highlights the need for user security awareness
If loaded, the JS redirects to a page on several different web servers, which in turn loads a hidden iframe before redirecting again to a Canadian pharmacy website. The iframe contains the malware:
This script checks each of the browser’s plugins to see if any contain the words ‘Adobe Acrobat’ or ‘Adobe PDF’ in their name. This is looking for any Adobe PDF readers and if one is found, adds an IFrame to the page pointing to a malicious PDF file.
The exploits install an executable named game.exe which we have not yet analyzed and is not detected by many anti virus products.
Once again we see the importance of user awareness: your anti-malware security software might not protect you; but it won’t need to if you simply don’t click on unexpected attachments.