
Adobe .pdf attacks multiply

With enterprises regularly trading .pdf files back and forth, IT administrators should be aware of some new attacks related to recently patched flaws in the widely used Adobe Reader. Raul Siles at the SANS Internet Storm Center wrote a warning about the .pdf threat over the weekend on the organization's Web site, and included additional advisories from VeriSign’s iDefense division. Here are some comments directly from the iDefense advisory:

“iDefense is observing exploitation of a recently patched vulnerability in Adobe Acrobat Reader. This vulnerability was discovered by Greg McManus of iDefense Labs and reported to Adobe in October 2007. Since Jan. 20, 2008, banner ads are actively serving malicious .pdf files that exploit the vulnerability and install the Zonebac Trojan. Once installed, the Trojan kills various anti-virus products and modifies search results and banner ads. Until two days ago, this attack did not have a patch available while being actively exploited in the wild. A similar attack occurred in October 2007 when the same group used a Real Player zero-day exploit to install the Zonebac Trojan. No anti-virus vendors currently detect the malicious .pdf files, though we have provided samples to all. This type of exploit works for both Web browser and email attack vectors. Exploitation affects all 7.x versions of Adobe Acrobat Reader and versions prior to 8.1.2. Complete mitigation requires upgrading to Adobe Acrobat 8.1.2.”
