Adobe Reader Vulnerability Being Actively Exploited

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.

Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).

Personally I don’t have such a problem… as I use Foxit Reader instead; I find Adobe software incredibly bloated.

iDefense says that on Friday it saw the same banner ad tactic being used in the wild to install a Trojan horse program. That Trojan, dubbed “Zonebac,” disables various anti-virus products and modifies the victim’s search engine results. As of late Friday evening, the company claims that not a single commercial anti-virus product detects this thing as malicious.

While having some unwelcome program monkey with your search results may not sound like the worst thing to have happen to your PC, cyber criminals may find more nefarious purposes for this vulnerability.

It’s an interesting target for criminals because Adobe Reader has a truly enormous install base, yet it is one of those applications that so few people even think to update regularly. According to Adobe, more than 500 million copies of Adobe Reader have been distributed worldwide on 23 platforms and in 26 languages. The product also is distributed by the top 10 PC manufacturers.

That’s a lot of installs of Adobe Reader. I would hazard a guess that only 10-20% max are regularly updated to the latest version – that leaves an awful lot of people vulnerable to some pwnage by these spammers.

You can work out the rest of the figures yourself.

Adobe released an updated security advisory for this patch late Thursday, but it didn’t contain many more details than the original advisory, other than to credit iDefense and several other security vendors for reporting vulnerabilities. iDefense said an internal researcher discovered the flaw, and that the company alerted Adobe back on Oct. 11, 2007. A spokesperson for Fortinet, also credited in the latest advisory, said researchers alerted Adobe to their findings on Nov. 1, 2007.

Steve Gottwals, senior product management for Adobe Reader, declined to say how many vulnerabilities this 8.1.2 patch fixed, but confirmed reports that the attackers were already exploiting the flaw.

At least Adobe aren’t too slow with updates. I wish their software wasn’t so hugely bloated; come on, it’s a PDF reader, how freaking huge does it have to be?

It just displays PDFs!

Well it has to be 22.4mb for the latest Windows version, compare that with Foxit Reader which is 2.2mb – much faster and does exactly the same things.

I know which I prefer.

Source: Security Fix

Posted in: Exploits/Vulnerabilities, Windows Hacking


18 Responses to Adobe Reader Vulnerability Being Actively Exploited

  1. eM3rC February 11, 2008 at 9:12 am #

    Thanks Darknet for the post.

    Although I have not heard of many people using Adobe products to spread their malicious deeds, it seems like Adobe products in general are very easy to hack. Take for example Photoshop. One of my friends showed me that all one has to do to crack the program is replace the shortcut. That’s it… Replace 1 2.4mb file… Seems kind of sad considering it is around $1000.

  2. Ian Kemmish February 11, 2008 at 11:46 am #

    I don’t know what the position is these days, but in the early days there were just three implementations of JPEG code – Adobe’s, the IJG’s, and mine. This suggests that fixing of JPEG exploits would in general be “out of sync” between Adobe and the rest of the world. Sometimes malicious images that work with everything else wouldn’t work with Acrobat, and sometimes vice versa.

    As for bloat…. well, any real OS has PDF rendering built into the window server (spot the smug Mac user), so you’d only use Acrobat for the other things it gives you, not for viewing static documents.

  3. Pantagruel February 11, 2008 at 12:09 pm #

    I guess most people use Acrobat Reader just because it’s the only one they know. We get the odd user screaming for Adobe Acrobat suite to generate PDF files themselves. We always hand out a GPL-ed solution, saving quite some money while getting the same result (they always think they need all the whistles and bells from the Adobe suite but never generate more than just a PDF from their txt processor or spreadsheet).
    Darknet points us to Foxit Reader and is absolutely right about the bloated size of Adobe products (and a bloated price tag, but that’s something different).

  4. eM3rC February 12, 2008 at 2:11 am #

    It seems as though the computer using public is very ignorant to computers and most of the things that happen to them in general.

    Of the many people I worked for, almost none had an adequate form of computer protection and they believed the slow computers were the way they were “just because”. I think as time progresses the youth (who know far more about computers than the old timers) will bring about a trend in increased computer knowledge, although companies such as Microsoft should make people more aware of the threats on the internet.

  5. Pantagruel February 12, 2008 at 4:06 pm #


    In computer land it’s up to the knowledgeable few to both educate and protect the masses from the harms stemming from the Net.
    The typical user doesn’t want to be bothered with all the “tech talk” but expects a perfectly running machine. Judged by the market penetration, MS should pick up the challenge and provide basic safety from a clean install (and beyond). MS is trying very hard with their “One Care” package but it seems a half-hearted attempt. We should not forget the anti-trust suit, ‘preventing’ MS from throwing in too much software that might hinder fair competition (at least in the European distro; in my opinion they -EU committee- have a point).

    The youngsters will know by far more than we will, but it’s fun to see that the up and coming generation of computer wizards is oblivious to old skool tools and the power of the CLI. A younger colleague passed his ‘MS proof of point and click’ certificate (sorry, I just do not like MSCE and alikes) but is still left in a bind if he cannot initiate a remote desktop to a server (guess I’ll have to teach him about ssh/CLI and so on).

  6. Pantagruel February 12, 2008 at 5:38 pm #

    Guess I really didn’t need to add more comments about the quality of MS ‘One care’

  7. J. Lion February 12, 2008 at 9:50 pm #


    It’s been almost a year – hopefully, MS has a stronger offering.

  8. eM3rC February 13, 2008 at 2:38 am #

    I am in total agreement with you but I have one point to bring up… Apple. Their OS works with flawless speed and any problems that seem to arise from the OS are fixed almost immediately. I know they are not perfect, but they are as close to it in the computer world as I can think of.

    I think as time progresses there will be more people aware of computer security as well as hacking. Although there will be more and more protected computers, the attacks will get more and more complicated ;)

    It’s people like you and Sir Henry (where is he by the way?) who will make a huge impact on people who lack an acceptable amount of computer knowledge.

    @J. Lion
    Vista was almost as bad as Windows 98.

  9. Jim February 13, 2008 at 3:08 am #

    Thanks for the article. I could not agree more with you on FoxIt. What a great little app.

    A really annoying thing happened to me when my last MS security patches went in, MS realized that Adobe was not the default for pdf files and automagically changed my default pdf handler from FoxIt to MS Word!!!

  10. eM3rC February 13, 2008 at 5:04 am #

    I don’t know if you know how to fix the problem but just in case (or if someone else wants to know) here’s how you do it.

    First download or select a .pdf file on your computer. Next right click it and select “open with”. A new window should appear, scroll down to foxit, select it, and check the box that says something like “always use this program”. Click OK.

    Hope this helps someone out there.

  11. Jared February 13, 2008 at 5:10 am #

    I’m really fed up with Adobe wanting to install the Google toolbar with Adobe Reader. As a matter of fact I don’t really see the point of installing any toolbar on my browser. I think that it’s unfortunate for newbie users that lots of the major software vendors hide these toolbar downloads in other programs so that the distributor can make money.

  12. eM3rC February 13, 2008 at 6:34 am #

    Amen. It’s even worse with things like computer operating systems where they load like 20+ programs on the computer.

    All I can say is read the boxes before installs and look for better alternatives for software such as Foxit.

    Good luck mate!

  13. Darknet February 13, 2008 at 7:50 am #

    I hate toolbars, but they all install on IE, which I don’t use so they don’t really affect me.

    I have seen some newb computers with 5-6 toolbars and they wonder why surfing is slow (Alexa, Yahoo!, Google, Stumble, MS Live! etc).

  14. Pantagruel February 13, 2008 at 1:17 pm #


    True, some of the bigger PC suppliers (HP/Dell and such) are shipping their corporate machines with a bloated load of ‘handy and free’ software (toolbars, 30 day limited viral scanners, image processing packages, etc.). One of the first things in our SOP for installing a new PC (after physical check of the package) is do a full re-install without all the shit (unattended install, etc).

  15. J. Lion February 13, 2008 at 6:45 pm #

    Buying new PCs now requires 2-10 hours of your time uninstalling crapware!

  16. eM3rC February 14, 2008 at 4:03 am #

    @For both J. Lion and Pantagruel
    Check out a piece of software called PC Decrapifier; it removes a lot of that stuff and I found it saves a lot of time when setting up new computers.

    Mozilla for the win! :)

  17. Stamatis February 22, 2008 at 1:54 pm #

    I had many problems using Foxit Reader especially on printing.

  18. eM3rC February 23, 2008 at 4:25 am #

    I’ve been printing documents off of Foxit for a few weeks and haven’t had any problems. Although you didn’t give any details, do you think it might be the printer or might have to do with the document having some kind of security on it?

    I know some ebooks allow the user to view it but not copy or print what’s in it.