11 February 2008 | 13,186 views

Adobe Reader Vulnerability Being Actively Exploited


It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.

Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).

Personally I don’t have such a problem, as I use Foxit Reader instead. I find Adobe software incredibly bloated.

iDefense says that on Friday it saw the same banner ad tactic being used in the wild to install a Trojan horse program. That Trojan, dubbed “Zonebac,” disables various anti-virus products and modifies the victim’s search engine results. As of late Friday evening, the company claims that not a single commercial anti-virus product detects this thing as malicious.

While having some unwelcome program monkey with your search results may not sound like the worst thing to have happen to your PC, cyber criminals may find more nefarious purposes for this vulnerability.

It’s an interesting target for criminals because Adobe Reader has a truly enormous install base, yet it is one of those applications that so few people even think to update regularly. According to Adobe, more than 500 million copies of Adobe Reader have been distributed worldwide on 23 platforms and in 26 languages. The product also is distributed by the top 10 PC manufacturers.

That’s a lot of installs of Adobe Reader. I would hazard a guess that only 10-20% max are regularly updated to the latest version – that leaves an awful lot of people vulnerable to some pwnage by these spammers.

You can work out the rest of the figures yourself.

Adobe released an updated security advisory for this patch late Thursday, but it didn’t contain many more details than the original advisory, other than to credit iDefense and several other security vendors for reporting vulnerabilities. iDefense said an internal researcher discovered the flaw, and that the company alerted Adobe back on Oct. 11, 2007. A spokesperson for Fortinet, also credited in the latest advisory, said researchers alerted Adobe to their findings on Nov. 1, 2007.

Steve Gottwals, senior product management for Adobe Reader, declined to say how many vulnerabilities this 8.1.2 patch fixed, but confirmed reports that the attackers were already exploiting the flaw.

At least Adobe aren’t too slow with updates. I wish their software wasn’t so hugely bloated; come on, it’s a PDF reader, how freaking huge does it have to be?

It just displays PDFs!

Well, it has to be 22.4MB for the latest Windows version; compare that with Foxit Reader, which is 2.2MB – much faster and does exactly the same things.

I know which I prefer.

Source: Security Fix





                


18 Responses to “Adobe Reader Vulnerability Being Actively Exploited”

  1. eM3rC 11 February 2008 at 9:12 am Permalink

    Thanks Darknet for the post.

    Although I have not heard of many people using Adobe products to spread their malicious deeds, it seems like Adobe products in general are very easy to hack. Take for example Photoshop. One of my friends showed me that all one has to do to crack the program is replace the shortcut. That’s it… Replace 1 2.4mb file… Seems kind of sad considering it is around $1000.

  2. Ian Kemmish 11 February 2008 at 11:46 am Permalink

    I don’t know what the position is these days, but in the early days there were just three implementations of JPEG code – Adobe’s, the IJG’s, and mine. This suggests that fixing of JPEG exploits would in general be “out of sync” between Adobe and the rest of the world. Sometimes malicious images that work with everything else wouldn’t work with Acrobat, and sometimes vice versa.

    As for bloat…. well, any real OS has PDF rendering built into the window server (spot the smug Mac user), so you’d only use Acrobat for the other things it gives you, not for viewing static documents.

  3. Pantagruel 11 February 2008 at 12:09 pm Permalink

    I guess most people use Acrobat Reader just because it’s the only one they know. We get the odd user screaming for Adobe Acrobat suite to generate PDF files themselves. We always hand out a GPL-ed solution, saving quite some money while getting the same result (they always think they need all the whistles and bells from the Adobe suite but never generate more than just a PDF from their text processor or spreadsheet).
    Darknet points us to Foxit Reader and is absolutely right about the bloated size of Adobe products (and a bloated price tag, but that’s something different).

  4. eM3rC 12 February 2008 at 2:11 am Permalink

    @Pantagruel
    It seems as though the computer using public is very ignorant to computers and most of the things that happen to them in general.

    Of the many people I worked for, almost none had an adequate form of computer protection and they believed the slow computers were the way they were “just because”. I think as time progresses the youth (who know far more about computers than the old timers) will bring about a trend in increased computer knowledge, although companies such as Microsoft should make people more aware of the threats on the internet.

  5. Pantagruel 12 February 2008 at 4:06 pm Permalink

    @eM3rC

    In computer land it’s up to the knowledgeable few to both educate and protect the masses from the harms stemming from the Net.
    The typical user doesn’t want to be bothered with all the “tech talk” but expects a perfectly running machine. Judged by the market penetration, MS should pick up the challenge and provide basic safety from a clean install (and beyond). MS is trying very hard with their “One Care” package but it seems a half-hearted attempt. We should not forget the anti-trust suit, ‘preventing’ MS from throwing in too much software that might hinder fair competition (at least in the European distro; in my opinion they -EU committee- have a point).

    The youngsters will know by far more than we will do, but it’s fun to see that the up and coming generation of computer wizards is oblivious to old skool tools and the power of the CLI. A younger colleague passed his ‘MS proof of point and click’ certificate (sorry, I just do not like MSCE and alikes) but is still left in a bind if he cannot initiate a remote desktop to a server (guess I’ll have to teach him about ssh/CLI and so on).

  6. Pantagruel 12 February 2008 at 5:38 pm Permalink

    Guess I really didn’t need to add more comments about the quality of MS ‘One care’

    http://www.darknet.org.uk/2007/03/microsoft%e2%80%99s-live-onecare-the-worst-anti-virus-solution/

  7. J. Lion 12 February 2008 at 9:50 pm Permalink

    @Pantagruel

    It’s been almost a year – hopefully, MS has a stronger offering.

  8. eM3rC 13 February 2008 at 2:38 am Permalink

    @Pantagruel
    I am in total agreement with you but I have one point to bring up… Apple. Their OS works with flawless speed and any problems that seem to arise from the OS are fixed almost immediately. I know they are not perfect, but they are as close to it in the computer world as I can think of.

    I think as time progresses there will be more people aware of computer security as well as hacking. Although there will be more and more protected computers, the attacks will get more and more complicated ;)

    It’s people like you and Sir Henry (where is he by the way?) who will make a huge impact on people who lack an acceptable amount of computer knowledge.

    @J. Lion
    Vista was almost as bad as Windows 98.

  9. Jim 13 February 2008 at 3:08 am Permalink

    Thanks for the article. I could not agree more with you on FoxIt. What a great little app.

    A really annoying thing happened to me when my last MS security patches went in, MS realized that Adobe was not the default for pdf files and automagically changed my default pdf handler from FoxIt to MS Word!!!

  10. eM3rC 13 February 2008 at 5:04 am Permalink

    @Jim
    I don’t know if you know how to fix the problem, but just in case (or if someone else wants to know) here’s how you do it.

    First download or select a .pdf file on your computer. Next right click it and select “open with”. A new window should appear, scroll down to foxit, select it, and check the box that says something like “always use this program”. Click OK.

    Hope this helps someone out there.

  11. Jared 13 February 2008 at 5:10 am Permalink

    I’m really fed up with Adobe wanting to install the Google toolbar with Adobe Reader. As a matter of fact I don’t really see the point of installing any toolbar on my browser. I think that it’s unfortunate for newbie users that lots of the major software vendors hide these toolbar downloads in other programs so that the distributor can make money.

  12. eM3rC 13 February 2008 at 6:34 am Permalink

    @Jared
    Amen. It’s even worse with things like computer operating systems where they load like 20+ programs on the computer.

    All I can say is read the boxes before installs and look for better alternatives for software such as Foxit.

    Good luck mate!

  13. Darknet 13 February 2008 at 7:50 am Permalink

    I hate toolbars, but they all install on IE, which I don’t use so they don’t really affect me.

    I have seen some newb computers with 5-6 toolbars and they wonder why surfing is slow (Alexa, Yahoo!, Google, Stumble, MS Live! etc).

  14. Pantagruel 13 February 2008 at 1:17 pm Permalink

    @Darknet

    True, some of the bigger PC suppliers (HP/Dell and such) are shipping their corporate machines with a bloated load of ‘handy and free’ software (toolbars, 30 day limited viral scanners, image processing packages, etc.). One of the first things in our SOP for installing a new PC (after physical check of the package) is to do a full re-install without all the shit (unattended install, etc).

  15. J. Lion 13 February 2008 at 6:45 pm Permalink

    Buying new PCs now requires 2-10 hours of your time uninstalling crapware!

  16. eM3rC 14 February 2008 at 4:03 am Permalink

    @For both J. Lion and Pantagruel
    Check out a piece of software called PC Decrapifier (http://www.pcdecrapifier.com/) it removes a lot of that stuff and I found it saves a lot of time when setting up new computers.

    @Darknet
    Mozilla for the win! :)

  17. Stamatis 22 February 2008 at 1:54 pm Permalink

    I had many problems using Foxit Reader especially on printing.

  18. eM3rC 23 February 2008 at 4:25 am Permalink

    @Stamatis
    I’ve been printing documents off of Foxit for a few weeks and haven’t had any problems. Although you didn’t give any details, do you think it might be the printer or might have to do with the document having some kind of security on it?

    I know some ebooks allow the user to view it but not copy or print what’s in it.