NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0387 Adobe PDF Exploit Infects Many Thousands:
Security researchers say attackers have been exploiting one of
the recently revealed vulnerabilities in Adobe Reader for at least three weeks,
with one researcher estimating the infection count at "many thousands"
so far. On Tuesday, 5 February, Adobe Systems Inc. acknowledged that its
popular PDF viewer sported several flaws, and patched them that same day.
HOwever, it has yet to spell out the exact number or nature of the bugs. But one
of those vulnerabilities has been actively exploited since at least 20 January,
said researchers at the SANS Institute's Internet Storm Center (ISC) and
VeriSign Inc.'s iDefense. According to an analyst with ISC, a malicious PDF
(Portable Document Format) file has been spreading a Trojan horse from a server
based in the Netherlands. The first evidence of the attack came in a 20 January
message on an Italian message forum from a user who noted that three of his PCs
had been infected, and traced the attack to the Dutch IP address. The malware,
a variation of the "Zonebac" Trojan, disables a slew of anti-virus
programs and modifies search results and banner ads. On Friday, 8 February,
iDefense issued three security advisories that provided more information about
some of the vulnerabilities Adobe patched last week. ON Thursday, Adobe added a
security advisory to its web site, but the new alert did not provide any
additional details on the vulnerabilities it had patched. The new Reader 8.1.2,
which can be downloaded from the Adobe Web site or retrieved using the updater,
bundled with Reader, targets Windows and Mac OS/X users. Adobe does not yet
have a patched version 7 of the application, but said one would be made
available at some point.
(Computerworld 10FEB08)