from Sunbelt Blog by Sunbelt Software Blog
Our good friends over at iDefense sent us a heads-up on some nastiness occurring with unpatched Adobe Acrobat 7 and 8 versions.
According to their advisory (attached here, PDF):Since Jan. 20, 2008, banner ads have actively served malicious PDF files that exploit the vulnerability and install the Zonebac Trojan horse. Once installed, the Trojan kills various antivirus products and modifies search results and banner ads. A similar attack occurred in October 2007 when the same group used a Realplayer zero-day exploit to install the Zonebac Trojan.
No anti-virus vendors currently detect the malicious PDF files. This type of exploit can be used in Web browser and email attack vectors. This vulnerability affects Adobe Acrobat Reader v7.x and versions prior to 8.1.2. Complete mitigation requires upgrading to Adobe Acrobat 8.1.2.
Adobe security advisory link here.
We’ve analyzed the binaries of this attack and it’s real. Updating Acrobat is easy: Just go to Help/Check for Updates. Do it as quickly as possible.
Alex Eckelberry
I am a regular subscriber of Alan. I recommend you do the same if you are serious about spyware and other snooping issues. He’s reported many exploits and problems over the years. When I first read this one though I was suspicious that it might be a bit over the top. It’s one thing to distribute real-world malicious files in .PDF’s … but the statement that these also shut down various antivirus products seemed pretty darn powerful. So I followed the Adobe link. You should too!
Seems to me I was getting a lot of update notices from Adobe, but apparently that was a false assumption. My reader was way out of date. Why take chances, update now! Thanks, Alan.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.