Andromeda Gamarue Botnet Gets An Update
Recently I saw some spam emails exploiting an Adobe PDF vulnerability (thanks to Conrad Longmore (https://twitter.com/ConradLongmore)).
This PDF file seems to be exploiting the CVE-2013-2729 vulnerability. The shellcode is small and simple: it just downloads a file from a server and executes it.
After unpacking the file, analysis reveals that this is a new update for the Andromeda/Gamarue botnet. The version has been upgraded to 2.9. Although there is no significant change in the botnet itself, the version number has been removed from the request string.