
Adobe Reader hacker attacks rapidly increasing


January 5, 2010

Once again, hackers are targeting Adobe Reader with an unusually sophisticated attack. Last week, Internet security firm McAfee predicted that Adobe's PDF Reader will be the most attacked software in 2010.

The attack on Adobe's PDF Reader software uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into just 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major anti-virus programs detect the attack more than six days after the exploit surfaced, according to analysis from VirusTotal.


The shellcode then loads an obfuscated binary file contained in the PDF file that installs PoisonIvy, a backdoor client used to maintain control over infected personal computers.

"Not only was this a very interesting example of a malicious PDF document carrying a sophisticated virus, but it also revealed the length attackers are willing to go to in order to make their malware as hard to detect as possible, not only for the anti-virus vendors, but also for victims," wrote Bojan Zdrnja, a SANS-Center worker who analyzed the exploit.

Just to make the attack even harder for end users to detect, the obfuscated binary even runs a third executable file that does nothing more than open a benign file called baby.pdf on the infected machine. Zdrnja believes this is done to deflect attention and prevent users from figuring out their PC has just been compromised.

Adobe has said today that a proper security patch wouldn't come until late next week, the same day Microsoft is slated to release its next installment of security fixes. The vulnerability, which is classified as CVE-2009-4324, has been under targeted attack for more than three weeks.

Since then, white hat hackers have also added a security exploit to the Metasploit framework for enterprise perimeter penetration testers.

The PDF documents were distributed through e-mails that were specifically targeted at an unnamed organization, Zdrnja said. Based on the metadata found in the compromised PDF document, it originated in China and was produced on December 29, 2009.
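How an analyst can read the kind of document metadata mentioned above, as an added example that is not from the original article or from the SANS analysis: it pulls Info-dictionary fields out of raw PDF bytes and parses the PDF date syntax, including the UTC offset. The sample bytes and every value in them are constructed, and the sketch assumes an uncompressed Info dictionary.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample (invented values): an uncompressed Info dictionary.
SAMPLE_PDF = (
    b"%PDF-1.6\n1 0 obj\n<< /Producer (Example Writer 1.0) /Author <4a6f686e>\n"
    b"/CreationDate (D:20091229103000+08'00') /ModDate (D:20091340) >>\nendobj\n"
    b"trailer\n<< /Info 1 0 R >>\n%%EOF\n"
)

# /Key (literal string) or /Key <hex string>; nested parentheses are not handled.
FIELD_RE = re.compile(
    rb"/(Producer|Creator|Author|Title|CreationDate|ModDate)\s*"
    rb"(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)")
# PDF date syntax: D:YYYYMMDDHHmmSSOHH'mm', every part after the year optional.
DATE_RE = re.compile(
    r"D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?"
    r"(?:([+\-Z])(?:(\d{2})'?(\d{2})?'?)?)?")

def parse_pdf_date(text):
    """Aware datetime if an offset is given, naive if not, None if malformed."""
    m = DATE_RE.match(text)
    if not m:
        return None
    parts = [int(v) if v else d for v, d in zip(m.groups()[:6], (0, 1, 1, 0, 0, 0))]
    sign, oh, om = m.group(7, 8, 9)
    try:
        tz = None
        if sign == "Z":
            tz = timezone.utc
        elif sign:
            delta = timedelta(hours=int(oh or 0), minutes=int(om or 0))
            tz = timezone(delta if sign == "+" else -delta)
        return datetime(*parts, tzinfo=tz)
    except ValueError:  # e.g. month 13: the field is free-form text
        return None

def info_fields(pdf_bytes):
    """Map each metadata key found in the raw bytes to its decoded string."""
    out = {}
    for key, literal, hexstr in FIELD_RE.findall(pdf_bytes):
        if hexstr:
            digits = b"".join(hexstr.split()).decode()
            raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
        else:
            raw = literal
        out[key.decode()] = raw.decode("latin-1")  # approximates PDFDocEncoding
    return out

if __name__ == "__main__":
    for k, v in info_fields(SAMPLE_PDF).items():
        print(k, repr(v), parse_pdf_date(v) if k.endswith("Date") else "")
```

These fields are written by whatever tool produced the file and can be set to anything, so a date or offset read from them is a lead to corroborate rather than proof of origin.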

Overall, the wide availability of exploits targeting now-patched vulnerabilities suggests that a significant portion of users don't run the most recent version of the programs.

These latest "in-the-wild attacks" are bound to add fuel to critics who say Adobe software, which runs on well more than 95 percent of the world's PCs and corporate workstations, needs to be better screened for such security vulnerabilities.

Adobe says it is currently in the process of designing a new security patch updater that will fix vulnerabilities in Adobe Reader, Acrobat Reader and Flash without requiring user interaction.

Beta users are slated to begin testing it around Jan. 21. We will keep you updated.

Adobe has also pledged to improve the overall security of Reader and Acrobat by using software "fuzzers" and other such tools to proactively discover bugs that can be exploited.

Since then, hackers have beaten Adobe in spotting new critical vulnerabilities at least twice, including the latest attacks in December.


Source: Adobe.
