Premature Exploitation: Unarmed zero-day uploaded to VirusTotal

Monday, Jul 9, 2018

A new zero-day exploit for Adobe Reader is hardly a standout event, but in this case one malware author made a simple operational mistake that exposed their still-in-development malware to researchers before it was ever used against a target.

The developer chained two zero-day exploits, one for Adobe Reader and one for Windows, into a single PDF: the Reader exploit gave remote code execution when the document was opened, and the Windows exploit escalated the privileges of the resulting process. Pairing a reader exploit with a local privilege escalation in this way is the usual route to escaping the sandbox that Adobe Reader runs in, which would otherwise confine the attacker's code. Unfortunately for them, they uploaded an 'unarmed' version of the PDF (exploit code present, but no working final payload attached) to VirusTotal, where it was found by an ESET researcher. The researcher quickly identified the two vulnerabilities the sample was attempting to exploit and reported them to Adobe and Microsoft.

Adobe and Microsoft have since released patches for Adobe Reader and Windows respectively. It is not often that a malware developer's own mistake leads directly to the vulnerabilities they intended to exploit being closed before the malware is ever deployed.

As always, keep all software patched promptly. As this incident highlights, many patches close vulnerabilities that have not yet been exploited in the wild because security researchers found them first; the absence of known attacks against a vulnerability is no reason to defer applying the fix.