
	Home > Security News > Adobe JBIG2 exploits being spammed, IBM warns

Security News:

EMAIL THIS

Adobe JBIG2 exploits being spammed, IBM warns

By SearchSecurity.com Staff
18 Mar 2009 | SearchSecurity.com

Security Wire Daily News

Digg This! StumbleUpon Del.icio.us

IBM's Internet Security Systems division is warning customers about a wave of spam messages in the wild containing malicious PDF files trying to exploit the recently patched JBIG2 flaw.

SearchSecurity.com:

To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a blog posting, members of the ISS X-Force research team said the malicious code may have been integrated into toolkits in recent days. Messages sent by spam bots have been detected. The messages appear to be originating from Taiwan, IBM said.

IBM warned that the malicious files could be opened simply by opening a spam email since PDFs are sometimes auto-loaded by certain applications.

Adobe issued a critical update last week, plugging the JBIG2 flaw. Attackers had been attempting to exploit the processing error in Adobe Acrobat Reader 8 and 9, which results in a buffer overflow.

Adobe Reader 9.1 and Acrobat 9.1 update corrects the JBIG2 stream array indexing error. The image compression format is used to convert binary images.

Adobe said it should have a patch release today for Adobe Reader 7 and 8, and Acrobat 7 and 8. An update to Adobe Reader 9.1 for Unix will be released by March 25.

Tags: Email and Messaging Threats (spam, phishing, instant messaging), VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Email and Messaging Threats (spam, phishing, instant messaging)
	Messaging security risks have upper hand on solutions
	Web-based attacks skyrocket, pirating sites surge, security firms say
	Pushdo botnet uses Facebook to spread malicious email attachment
	Scareware report highlights successful business model
	How to prevent phishing attacks with social engineering tests
	Phishing protection begins with training, antiphishing evangelist
	Phishing attacks to remain a major problem, say security experts
	Barracuda acquires Purewire expanding Web security reach
	FBI raids phishing crime ring, nearly 100 arrested
	Massive phishing scheme affects Microsoft Hotmail accounts
	Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

CAPTCHA (SearchSecurity.com)

crimeware (SearchSecurity.com)

Operation Phish Phry (SearchSecurity.com)

pharming (SearchSecurity.com)

phishing (SearchSecurity.com)

Register of Known Spam Operations (SearchSecurity.com)

Rock Phish (SearchSecurity.com)

Sender Policy Framework (SearchSecurity.com)

spam cocktail (SearchSecurity.com)

spear phishing (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

More Tips to Secure Your Network

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy