PDF obfuscated stream detected (PDF_Obfuscated_Stream)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:

This signature detects a PDF (Portable Document Format) file containing a data stream encoded with an illogical or impractical combination of stream filters, which suggests malicious intent on the part of the document's creator.


False positives

IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology: Innocent yet oddly constructed files may trigger this signature.

Default risk level

Medium

Sensors that have this signature

IBM Security Server Protection for Windows: 2.1.14.2400
IBM Security Server Protection for Windows: 1.0.914.2380
IBM Security Server Protection for Windows: 2.0.300.2380
Proventia-G 1.1 and earlier: XPU 29.040
Proventia Network MFS: XPU 29.040
Proventia Network IDS: XPU 29.040
RealSecure Server Sensor: XPU 29.040
RealSecure Network: XPU 29.040
Proventia Desktop: 2380
Proventia Network IPS: XPU 29.040
Virtual Server Protection for VMware: 1.0
Proventia Server IPS for Linux technology: 29.040

Systems affected

PDF

Type

Suspicious Activity

Vulnerability description

A PDF file containing a stream of data encoded with an illogical combination of PDF stream filters has been detected. This could indicate that an attacker is attempting to evade pattern-matching IDS systems and take control of a system.
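
One way to express this kind of check, as an added example that is not IBM's signature logic or code from the original page: it extracts each /Filter chain from raw PDF bytes and flags combinations that serve no practical purpose. The heuristics, the MAX_CHAIN threshold, the function names and the sample bytes are assumptions made for illustration.

```python
import re

ASCII_FILTERS = {"ASCIIHexDecode", "ASCII85Decode"}  # text encodings defined by the PDF spec
MAX_CHAIN = 3  # assumed threshold; tune against your own benign corpus

# /Filter followed by either one name or an array of names
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/<>\[\]()]+)")
NAME_RE = re.compile(rb"/([^\s/<>\[\]()]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw):
    """Resolve #xx escapes in a PDF name; also report whether any were present."""
    decoded = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1"), decoded != raw

def filter_chains(pdf_bytes):
    """Yield (filter_names, used_escapes) for every /Filter entry found."""
    for m in FILTER_RE.finditer(pdf_bytes):
        names = [decode_name(n) for n in NAME_RE.findall(m.group(1))]
        yield [n for n, _ in names], any(esc for _, esc in names)

def findings(filters, escaped):
    """Return the reasons (possibly none) a filter chain looks impractical."""
    reasons = []
    if escaped:
        reasons.append("hex-escaped filter name")
    if len(filters) > MAX_CHAIN:
        reasons.append("chain longer than %d filters" % MAX_CHAIN)
    if len(set(filters)) < len(filters):
        reasons.append("same filter applied more than once")
    if sum(f in ASCII_FILTERS for f in filters) > 1:
        reasons.append("multiple ASCII encodings stacked")
    return reasons

def scan(pdf_bytes):
    """Return [(filters, reasons)] for each suspicious chain in the file."""
    hits = []
    for filters, escaped in filter_chains(pdf_bytes):
        reasons = findings(filters, escaped)
        if reasons:
            hits.append((filters, reasons))
    return hits

# Constructed sample: object 1 is ordinary, object 2 stacks filters pointlessly.
SAMPLE = (b"1 0 obj << /Length 9 /Filter /FlateDecode >> stream\nx\nendstream endobj\n"
          b"2 0 obj << /Length 9 /Filter [/ASCIIHexDecode /ASCII85Decode "
          b"/Fl#61teDecode /FlateDecode /LZWDecode] >> stream\nx\nendstream endobj\n")

if __name__ == "__main__":
    for filters, reasons in scan(SAMPLE):
        print(filters, "->", "; ".join(reasons))
```

The scan only sees /Filter entries present in the raw bytes; dictionaries stored inside compressed object streams have to be decoded before they can be checked.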

How to remove this vulnerability

This audit is for informational purposes only. Consider blocking the traffic.

References

ISS X-Force
PDF obfuscated stream detected
http://www.iss.net/security_center/static/49696.php