Adobe 9.0 PDF files continue to be unsafe to use
June 7, 2010
Hackers are continuing to exploit critical and unpatched security vulnerabilities in Adobe Reader 9.0, Acrobat and Flash Player.
The whole thing actually started in January when hackers were targeting Adobe Reader with an unusually sophisticated attack. Last week, Internet security firm McAfee predicted that Adobe's PDF Reader will be the most attacked software in 2010.
The attack on Adobe's PDF Reader uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into just 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major anti-virus programs detected the attack more than six days after the exploit surfaced, according to analysis from VirusTotal.
The shellcode then loads an obfuscated binary file contained in the PDF file that installs PoisonIvy, a backdoor client used to maintain control over infected personal computers.
"Not only was this a very interesting example of a malicious PDF document carrying a sophisticated virus, but it also revealed the length attackers are willing to go to in order to make their malware as hard to detect as possible, not only for the anti-virus vendors, but also for victims," wrote Bojan Zdrnja, a SANS-Center worker who analyzed the exploit.
To make the attack even harder for end users to detect, the obfuscated binary also runs a third executable file that does nothing more than open a benign file called baby.pdf on the infected machine. Zdrnja believes this is done to deflect attention and prevent users from figuring out their PC has just been compromised.
The Adobe security vulnerabilities are platform independent and can affect users of Adobe products regardless of whether they run Windows, Mac or Linux systems, Adobe warns.
The software developer says that Adobe Reader and Acrobat version 8.x are not vulnerable, but users of the newer version 9.0 of the software are greatly at risk. Adobe has published a workaround involving the deletion of a library file connected with processing Flash content in PDF files pending the development of a more robust and permanent fix.
Adobe has yet to publish a timetable of when security patches will become available. Adobe Flash Player 10.0.45.2 and earlier versions are also vulnerable to the security hole. Users of Flash Player 10.1 release candidate may be in the clear but that's uncertain, as an advisory from Adobe explains.
These are the latest in a series of security issues to plague Adobe software, which, along with Microsoft's Internet Explorer browser and applications, is among the main targets of hacker attacks.
The latest security holes can be blamed on the support of exotic files and formats within PDF files, a problem that has also cropped up since the bug was discovered in January.
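Because the risk comes from Flash and other embedded content inside PDF files, a defender can triage incoming PDFs for the name objects that carry such content before anyone opens them. The following is an added example, not code from this article or from Adobe; the function names and sample documents are constructed for illustration, and it only inspects uncompressed object data.

```python
import re

# PDF name objects that signal active or embedded content. /RichMedia is the
# annotation type Acrobat 9 uses for Flash; /EmbeddedFile marks attached files.
RISKY_NAMES = ("RichMedia", "EmbeddedFile", "JavaScript", "JS",
               "OpenAction", "AA", "Launch")

# A name is "/" followed by any bytes that are not whitespace or delimiters.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #XX hex escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Return {name: count} for every risky name found in the raw PDF bytes."""
    counts = {name: 0 for name in RISKY_NAMES}
    for match in _NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return {name: n for name, n in counts.items() if n}


# Constructed sample documents (no real payloads, just object skeletons).
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Count 0 /Kids [] >> endobj\n"
)
SAMPLE_FLAGGED = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Rich#4dedia >> endobj\n"
    b"5 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", SAMPLE_BENIGN), ("flagged", SAMPLE_FLAGGED)):
        print(label, triage_pdf(doc) or "no risky names")
```

Names hidden inside compressed object streams are not visible to this scan, so a clean result is a reason to look further with a full parser, not proof that the file is safe.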
Source: Adobe Software.