Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Adobe 9.0 PDF files continue to be unsafe to use

Add to del.icio.us     Digg this story Digg this

June 7, 2010

Hackers are continuing to exploit critical and unpatched security vulnerabilities in Adobe Reader 9.0, Acrobat and Flash Player.

Click here to order the best dedicated server and at a great price.

The whole thing actually started in January when hackers were targeting Adobe Reader with an unusually sophisticated attack. Last week, Internet security firm McAfee predicted that Adobe's PDF Reader will be the most attacked software in 2010.

Adobe's PDF Reader software uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into just 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major anti-virus programs detect the attack more than six days after the exploit surfaced, according to some analysis from Virus Total.

The shellcode then loads an obfuscated binary file contained in the PDF file that installs PoisonIvy, a backdoor client used to maintain control over infected personal computers.

"Not only was this a very interesting example of a malicious PDF document carrying a sophisticated virus, but it also revealed the length attackers are willing to go to in order to make their malware as hard to detect as possible, not only for the anti-virus vendors, but also for victims," wrote Bojan Zdrnja, a SANS-Center worker who analyzed the exploit.

Just to make the attack even harder for end users to detect, the obfuscated binary even runs a third executable file that does nothing more than open a benign file called baby.pdf on the infected machine. Zdrnja believes this is done to deflect attention and prevent users from figuring out their PC has just been compromised.

The Adobe security vulnerabilities are platform independent and can affect users of Adobe products regardless of whether they run Windows, Mac or Linux systems, Adobe warns.

The software developer says that Adobe Reader and Acrobat version 8.x are not vulnerable, but users of the newer version 9.0 of the software are greatly at risk. Adobe has published a workaround involving the deletion of a library file connected with processing Flash content in PDF files pending the development of a more robust and permanent fix.

Adobe has yet to publish a timetable of when security patches will become available. Adobe Flash Player 10.0.45.2 and earlier versions are also vulnerable to the security hole. Users of Flash Player 10.1 release candidate may be in the clear but that's uncertain, as an advisory from Adobe explains.

Adobe's security issues are the latest in a series of security issues to plague Adobe software, joined closely with Microsoft's Internet Explorer browser and applications as the main targets of hacker attacks.

The latest security holes can be blamed on the support of exotic files and formats within PDF files, a problem that has cropped up also since the bug was discovered in January.

Add to del.icio.us     Digg this story Digg this

Source: Adobe Software.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer



Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.


Get your Linux or Windows dedicated server today.


The industry's best and most accurate tool to find out EXACTLY what your CORRECT keywords are. Click here to learn more.