PDF attacks target defense community

18 January 2010

Evidence of further targeted attacks is surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks used PDFs to target those in the US defense community, and occurred more recently.

Anti-malware company F-Secure found the attack, embedded in a PDF document purporting to come from the US Air Force. "The document talks about a real conference to be held in Las Vegas in March", said Mikko Hyppönen, chief research officer at F-Secure.

The PDF document advertises the Mission Planning Users Conference (MPUC 2010), taking place in March. When opened, the PDF exploits the CVE-2009-4234 vulnerability, which lies in the doc.media.newPlayer function within Adobe Reader.

While Adobe patched this vulnerability on January 12, it has not yet switched on the silent auto update functionality for Acrobat or Reader's user base. This means that anyone not expressly agreeing to implement a patch will still be vulnerable to this attack.

According to F-Secure's analysis, the exploit drops a file called Updater.exe, which connects to an IP address in Taiwan, and bypasses any local web proxies in the process.

"While the 'Aurora' attacks against Google and others happened in December 2009, this happened just last week," Hyppönen said.

Late last week, iDefense backed down on its claim that Operation Aurora used vulnerabilities in Adobe Reader. "Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities," the company had said.

Nevertheless, targeted attacks using this vulnerability do appear to be surfacing, and the sophisticated research suggests that the perpetrators know what they are doing, and are targeting individuals in the defense community.
