HEUR_PDFEXP.E is a generic detection name that some anti-malware programs give to malicious PDF files that exploit a known vulnerability in Adobe Reader to install other malware on the infected computer. By their nature, HEUR_PDFEXP.E files are typically used in social engineering scams: they are often disguised as an interesting document related to a top news item. Opening one will often display an actual PDF file that contains some kind of related document. In the background, however, HEUR_PDFEXP.E exploits a known vulnerability in Adobe Reader that allows criminals to execute malicious code. This means that HEUR_PDFEXP.E files can be used to install malware silently, often a backdoor, without the victim’s knowledge. Covert infections of this kind are ideal for installing spy and banking Trojans that operate in the background undetected.
HEUR_PDFEXP.E and the United States Presidential Campaign
As mentioned before, HEUR_PDFEXP.E attacks typically use a social engineering approach that takes advantage of the top stories in a particular news cycle. In October of 2012, few things top the United States Presidential election race in the news. Because of this, HEUR_PDFEXP.E attacks use malicious PDF files claiming to be everything from Mitt Romney’s tax returns to facts about Barack Obama and fake news stories from top media outlets. Malware attacks that use the 2012 presidential campaigns to reach inexperienced computer users are likely to go on for the next two months. For this reason, ESG malware analysts strongly advise computer users to get their news from a trusted news source and never from unsolicited email messages containing embedded links or attached files.
While most computer users have been educated to avoid opening compressed file attachments (such as those with RAR or ZIP extensions) or executable file attachments (especially those with the EXE extension), many are not aware that malware can also be distributed using PDF and even DOC documents. Using known flaws in Adobe Reader and Microsoft Word, criminals can create innocuous-looking documents that actually install malware on the victim’s computer. The best way to avoid these attacks is to never open or download unsolicited email attachments, regardless of their extension (which can be easily disguised).
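Because an extension can be disguised, a mail gateway or analyst can check what an attachment actually contains instead. The Python sketch below is an added example, not part of the original write-up and not how any anti-malware product implements the HEUR_PDFEXP.E detection; the file names, sample bytes and the set of PDF names it flags are assumptions chosen for illustration.

```python
import re

# Leading bytes ("magic numbers") of the attachment types the text mentions.
MAGIC = {"zip": b"PK\x03\x04", "rar": b"Rar!\x1a\x07", "exe": b"MZ",
         "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "pdf": b"%PDF-"}
CONTAINERS = {"docx": "zip", "xlsx": "zip", "pptx": "zip"}  # legitimately ZIP-based
# PDF names that make a reader act on open: run script, launch a program, drop a file.
ACTIVE_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # names may be written as /J#61vaScript

def sniff_type(data):
    """Return the type implied by the content, or None if unrecognised."""
    for kind, magic in MAGIC.items():
        if kind != "pdf" and data.startswith(magic):
            return kind
    # Readers tolerate junk before the header, so search the first 1024 bytes.
    return "pdf" if MAGIC["pdf"] in data[:1024] else None

def triage(filename, data):
    """Return a list of reasons to treat the attachment as suspicious."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected, actual = CONTAINERS.get(ext, ext), sniff_type(data)
    if actual != expected and (actual or expected in MAGIC):
        findings.append(f"extension .{ext} but content is {actual or 'unrecognised'}")
    if actual == "pdf":
        # Undo #xx escapes first; names inside compressed streams stay invisible.
        decoded = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
        for name in ACTIVE_NAMES:
            pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
            count = len(re.findall(pattern, decoded))
            if count:
                findings.append(f"{name} x{count}")
    return findings

# Constructed samples: a minimal PDF skeleton with an obfuscated name, and an
# executable header saved under a .pdf name. Neither contains working code.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for fname, blob in (("news.pdf", SAMPLE_PDF), ("story.pdf", SAMPLE_EXE)):
        print(fname, triage(fname, blob))
```

A finding is a reason for closer inspection, not proof of an exploit, since benign PDFs also use names such as /OpenAction and /JavaScript.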
How Can You Detect HEUR_PDFEXP.E?
HEUR_PDFEXP.E Removal Details
HEUR_PDFEXP.E creates the following files in the system:
- Romney V. Obama Tax Policies.pdf