It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.
Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).
Personally I don’t have such a problem…as I use Foxit Reader instead, I find Adobe software incredibly bloated.
iDefense says that on Friday it saw the same banner ad tactic being used in the wild to install a Trojan horse program. That Trojan, dubbed “Zonebac,” disables various anti-virus products and modifies the victim’s search engine results. As of late Friday evening, the company claims that not a single commercial anti-virus product detects this thing as malicious.
While having some unwelcome program monkey with your search results may not sound like the worst thing to have happen to your PC, cyber criminals may find more nefarious purposes for this vulnerability.
It’s an interesting target for criminals because Adobe Reader has a truly enormous install base, yet it is one of those applications that so few people even think to update regularly. According to Adobe, more than 500 million copies of Adobe Reader have been distributed worldwide on 23 platforms and in 26 languages. The product also is distributed by the top 10 PC manufacturers.
That’s a lot of installs of Adobe Reader, I would hazard a guess that only 10-20% max are regularly updated to the latest version – that leaves an aweful lot of people vulnerable to some pwnage by these spammers.
You can work out the rest of the figures yourself..
Adobe released an updated security advisory for this patch late Thursday, but it didn’t contain many more details than the original advisory, other than to credit iDefense and several other security vendors for reporting vulnerabilities. iDefense said an internal researcher discovered the flaw, and that the company alerted Adobe back on Oct. 11, 2007. A spokesperson for Fortinet, also credited in the latest advisory, said researchers alerted Adobe to their findings on Nov. 1, 2007.
Steve Gottwals, senior product management for Adobe Reader, declined to say how many vulnerabilities this 8.1.2 patch fixed, but confirmed reports that the attackers were already exploiting the flaw.
At least Adobe aren’t too slow with updates, I wish their software wasn’t so hugely bloated, come one it’s a PDF reader how freaking huge does it have to be?
It just displays PDFs!
Well it has to be 22.4mb for the latest Windows version, compare that with Foxit Reader which is 2.2mb – much faster and does exactly the same things.
I know which I prefer.
Source: Security Fix
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD
- Google Expands Pwnium Year Round With Infinite Bounty
- Active Exploitation Of Unpatched PDF Vulnerability
- Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat
- Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,600 views
- AJAX: Is your application secure enough? - 119,410 views
- eEye Launches 0-Day Exploit Tracker - 85,200 views