{"id":2919,"date":"2011-04-02T10:24:42","date_gmt":"2011-04-02T14:24:42","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/?p=2919"},"modified":"2022-12-30T16:01:01","modified_gmt":"2022-12-30T21:01:01","slug":"adobe-notes","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/adobe-notes\/","title":{"rendered":"Adobe Notes"},"content":{"rendered":"

Malicious PDF Files Becoming the Attack Vector of Choice<\/a><\/h4>\n

\"Adobe<\/a> ZDNet<\/a> <\/em>points out<\/a> a report from Symantec\u2019s<\/a> MessageLabs<\/a> that malicious PDF files outpace other malicious attachments used in targeted attacks and now represent the attack vector of choice for malicious attackers compared to media, help files, HTMLs and executables.<\/p>\n

The report says that office-based file formats are a popular and effective choice used in some targeted attacks. Cybercriminals attempt to bypass spam and email filters by distributing the ubiquitous PDF that is often allow to pass through these layers of protection. In 2009, about 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010, an increase of 12.4%. MessageLabs Intelligence Senior Analyst, Paul Wood says,<\/p>\n

PDF-based targeted attacks are here to stay, and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware<\/p><\/blockquote>\n

Adobe Posts Its First Billion-Dollar Quarter<\/a><\/h4>\n

\"\"<\/a>The New York Times<\/a><\/em> reports<\/a> that the software maker Adobe posted its first $1 billion quarter in Q4-2010. Revenue rose 33 percent to $1.01 billion from $757 million last year. Adobe, which is based in San Jos\u00e9, CA makes Photoshop, Acrobat, and Flash software.<\/p>\n

Targeted attacks exploiting PDF bugs are soaring<\/h4>\n

Help Net Security<\/a><\/em> reports that Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Help Net Security<\/em> references a report from F-Secure’s Lab<\/a> which says that Adobe Reader exploits are becoming the weapon of choice for many cybercriminals.<\/p>\n

\"F-Secure\"<\/p>\n

This makes patching and updating eminently important. As an example the latest critical vulnerability (CVE-2010-0188<\/a>) which Adobe warned users to update the software to the latest version. Users who missed the memo are vulnerable, F-Secure<\/a> (FSC1V<\/a>) warns it is being exploited in the wild.<\/p>\n

Upon loading the PDF file, an embedded executable is dropped on the victim’s hard disc and it immediately tries to connect with tiantian (.) ninth (.) biz to download other files.<\/p>\n

F-Secure has warned long ago about security problems plaguing Adobe’s most famous software. The security firm has even advised users to start using an alternative PDF reader. According to Help Net Security<\/em> Adobe’s, decision to schedule their updates to follow Microsoft’s Patch Tuesday is a step in the right direction.<\/p>\n

Malicious PDF spam with Sality virus<\/h4>\n

\"\"Help Net Security<\/a><\/em> highlights a Sophos<\/a> warning<\/a> that a malicious email containing the following text has been dropped into inboxes around the world:<\/p>\n

Hey man..
\nRemember all those long distance phone calls we made.
\nWell I got my telephone bill and WOW.
\nPlease help me and look at the bill see which calls where yours ok..<\/p><\/blockquote>\n

\"Sophos<\/a>You surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls(.)pdf attachment, but don’t let your innate curiosity get the better of you.<\/p>\n

The attached file can exploit a vulnerability in how Adobe Reader handles TIFF images<\/a>\u00a0and proceeds to download and execute a Trojan<\/a> that loads the Sality<\/a> virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit, and kills anti-virus applications.<\/p>\n

Sophos reminds everyone that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.<\/p>\n

Adobe, The New King Of Security Holes<\/a><\/h4>\n

Information Week<\/em><\/a>\"Adobe\"<\/a> reports<\/a> that Microsoft<\/a> (MSFT<\/a>) has spent more than a decade improving its secure software development and its response to security exploits. As a result, Microsoft is losing the lead in security vulnerabilities and being replaced by Adobe<\/a> (ADBE<\/a>).<\/p>\n

With Microsoft’s improved response to security holes, the pickings in Windows itself are getting slimmer. Attackers don’t have brand loyalty, so they’ve moved on to another company with lots of PC installed base: Adobe. Security holes are being exploited in Adobe Reader<\/a> and Illustrator<\/a>. Adobe makes this problem worse because it has bundled unwanted applications and their AIR<\/a> software platform with their free applications like Adobe Reader. Adobe is looking to create an attractive installed base for their developers, but they are also creating an attractive attack surface for the bad guys.<\/p>\n

Protecting yourself from Adobe’s security holes can be difficult.\u00a0 There are non-Adobe solutions such as Foxit Reader<\/a>, which is much faster and lighter than Adobe Reader but has had problems with\u00a0 PDF documents with editable fields. InfoWeek<\/em> provided some specific tips that may help avoid security problems.<\/p>\n