Attackers target new Adobe zero-day flaw

Robert Westervelt, News Director

A newly discovered zero-day vulnerability in Adobe's Acrobat Reader is being actively targeted by attackers, warn researchers at Symantec Corp.

SearchSecurity.com

Hackers have been spreading malicious PDF files containing the Pidief Trojan. If a person opens the file, the Trojan attempts to exploit an unpatched processing error in Adobe Acrobat Reader 8 and 9, which results in a buffer overflow.

"Malicious PDFs using this exploit will be detected as Trojan.Pidief.E," Symantec said in a statement.

Kevin Haley, director of security response at Symantec, said researchers there were given a sample of the threat Feb. 12. The first signs of it appearing in the wild were discovered in Japan. So far the Trojan seems to be spreading slowly, targeting company managers and senior-level executives, Haley said.

"Our speculation is that since there's so few of these, they're targeted at high level people or specific government agencies," he said. "We haven't seen a carpet bomb of anybody in certain company or agency. It's been tightly controlled."

Exploit code is circulating in the wild in the U.S., China, Japan, Taiwan and the U.K.

Adobe acknowledged the zero-day in an advisory to customers, calling it critical. It confirmed the flaw in Adobe Reader 9 and Acrobat 9 as well as Adobe Reader and Acrobat 8.1.3 and earlier versions.

"This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe said in its advisory.

Adobe said it is in the process of fixing the processing error and will release the first fixes by March 11.

Danish vulnerability clearinghouse Secunia gave the zero-day an extremely critical rating. In its advisory, Secunia said the flaw could be exploited to access critical system files. 

On Thursday, the Shadowserver Foundation, a volunteer watchdog group of security pros, released details of the Adobe zero-day. The foundation said the attacks attempt to exploit a vulnerability in a non-JavaScript function call.

Shadowserver volunteers Steven Adair and Matt Richard advise users to disable JavaScript until a patch is released. The workaround prevents the malware from being installed on the system, but Acrobat or Reader will still crash.

"You have the choice of small loss in functionality and a crash versus your systems being compromised and all your data being stolen," Adair wrote in a Shadowserver post. "It should be an easy choice."


Editor's note: This story was updated to include comment from Symantec's Kevin Haley.

