November 07, 2008

Adobe Reader infections strike in the wild

Exploits of the recently patched Adobe Reader vulnerabilities have been reported in the wild.

Though the proof-of-concept code had just been published earlier this week, it was not surprising that an exploit surfaced so quickly, according to a blog post Friday by Bojan Zdrnja, a volunteer analyst at the SANS Internet Storm Center.

The payload is in a JavaScript object embedded in the PDF document.

The attackers appeared to modify the proof-of-concept so it would evade anti-virus detection, Zdrnja said. He added that as of about 10:50 a.m. EST, no anti-virus products were able to detect the malicious PDF exploit, according to VirusTotal, a malware scanning service. Later Friday afternoon, US-CERT issued a statement that "reports indicate that this exploit is currently undetectable by common antivirus applications."

Core Security Technologies, a security testing software solutions provider and one of the firms credited with discovering the flaw, published sample code when it notified users about the problem.

Adobe suggests users upgrade to version 8.1.3. Users of version 9 for Reader and Acrobat, released in June, are not vulnerable to the flaws.

Related Articles
Related Topics
Related Links

More in News

Attackers use Skype, other IM apps to spread Liftoh trojan

Countries in Latin America have been the primary targets in this campaign, researchers say.

Scammers on the hunt for Memorial Day deal watchers

Like they do with major news events and other holidays, online fraudsters are seeking to cash in on the upcoming Memorial Day weekend.

Proxy research firm settles charges with SEC over client breach

Institutional Shareholder Services (ISS), a research firm the advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission.