Adobe vulnerability exploits are mounting

Share this article:

A new and previously unknown exploit toolkit exclusively targets Adobe's PDF format.

According to a blog on the company's TrustedSource site, Secure Computing's Anti-Malware Research Labs has identified a toolkit dubbed the “PDF Xploit Pack.”

The blog entry says: “Typical functions like caching the already infected users are deployed by this toolkit on the sever side. Whenever a malicious PDF exploit is successfully delivered, the victim's IP address is remembered for a certain period of time. During this ‘ban time' the exploit is not delivered to that IP again, which is another burden for incident handling.”

The exploit joins other toolkits that have been enhanced with PDF exploits, such as one called the “El Fiesta” toolkit. But other analysts feel that any rise in overall PDF exploits may be coming from older, more entrenched attack kits, notably Neosploit.

“Based on the statistics we're analyzing right now, extrapolating it onto the Neosploit code base, and looking at two months of history, the rise in the exploitation of PDF vulnerabilities can definitely be attributed to Neosploit,” said Ian Amit, director of security research, Aladdin Knowledge Systems.

“El Fiesta distribution is very limited," he added, "and anecdotal evidence seems to indicate that the large number of PDF attacks cannot be directly attributed to PDF Xploit Pack or El Fiesta."

A patch for these exploits is available from Adobe, but, as Amit noted, “Not everyone patches quickly – and these attacks are continuing to be successful.”

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.