New Zeus attack uses Adobe design flaw

15 April 2010

The Zeus botnet continues to spread, according to new data collected by Websense, and other researchers say that it is exploiting a recently discovered design flaw in the Adobe PDF file format.

Websense Security Labs has identified a trojan campaign spreading the Zeus software via email, with over 2200 messages seen as of 10 AM Eastern time today. The attack uses a malicious PDF file containing an embedded command that, when the document is viewed, asks the user to open another file. The attached PDF asks to save a file called Royal_Mail_Delivery_Notice.pdf. Despite its name, this file is actually a Windows executable that installs the Zeus trojan.

The executable creates a subdirectory in the Windows SYSTEM32 directory and installs configuration files for itself, before copying itself as an executable and modifying the operating system registry so that it launches during system startup. It connects to a Chinese server, according to Websense. Malicious file analysis service VirusTotal says that the file in question was detected by 20% of the anti-malware products tested.

Mickey Boodaei, CEO of anti-malware company Trusteer, said that the attack fulfilled his prediction, made recently, that a flaw discovered in Adobe's PDF file format would be exploited to install malware. The flaw, discovered by researcher Didier Stevens, enabled attackers to use the Launch function within the PDF specification to exploit a fully patched copy of Adobe Reader. Stevens showed how alterations to dialog boxes presented by Adobe Reader could be used in conjunction with a social engineering attack to persuade users to let a PDF file launch an executable program.

"We said last week that cyber criminals and hackers will try to exploit this structural Adobe issue using social engineering techniques, which [lure] Internet users into a false sense of feeling safe and that is exactly what has happened this week," Boodaei said.
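A defender-side triage for the two traits described above, the Launch action inside the PDF and the executable saved under a .pdf name, as an added example that is not code from Websense, Trusteer or Didier Stevens. The function names, verdict strings and sample bytes are constructed for illustration.

```python
import re

# PDF names may hex-escape any character as #xx (e.g. /La#75nch == /Launch),
# so every name is decoded before it is compared.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
WATCHED = ("Launch", "OpenAction", "AA", "EmbeddedFile", "JavaScript")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(filename: str, data: bytes) -> dict:
    """Return a verdict and counts of watched PDF names for one attachment."""
    counts = {k: 0 for k in WATCHED}
    if data[:2] == b"MZ":
        # Windows executable content; a document extension on it is a mismatch.
        named_pdf = filename.lower().endswith(".pdf")
        verdict = "executable-with-document-name" if named_pdf else "executable"
        return {"verdict": verdict, "names": counts}
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "not-pdf", "names": counts}
    for m in _NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in counts:
            counts[name] += 1
    verdict = "launch-action" if counts["Launch"] else "no-launch-seen"
    return {"verdict": verdict, "names": counts}


# Constructed sample inputs (not taken from the campaign).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction << /S /La#75nch >> >>\nendobj\n"
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for fn, blob in [("notice.pdf", SAMPLE_PDF), ("plain.pdf", SAMPLE_PLAIN),
                     ("Royal_Mail_Delivery_Notice.pdf", SAMPLE_EXE)]:
        print(fn, triage(fn, blob))
```

A raw byte scan does not see names stored inside compressed object streams, so "no-launch-seen" is not proof that a Launch action is absent.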
