Sinister Adobe Acrobat, Reader malware threatens Web browsers - Technology on NBCNews.com

"The exploit is noteworthy for its ability to circumvent security features that Adobe rolled out with Acrobat and Reader X, or 10, in November 2010, especially the "sandbox" meant to prevent exploits from affecting other processes.

It also bypasses newer security features, such as the address space layout randomization (ASLR) that Adobe introduced only this past October, and seems to tailor its attack depending on which version of Acrobat or Reader it encounters.

Acrobat and Reader are used to create and read portable document format (PDF) files. Adobe creates plug-ins that let Web browsers read PDFs, and those plug-ins are presumably also affected by this new exploit.

Browsers containing Adobe plug-ins could be vulnerable to drive-by downloads using this exploit. Infections could happen just by visiting a website rigged with malware.

Adobe is working on a patch, but in the meantime the company advises Windows users to upgrade to Adobe Acrobat/Reader 11 and turn on a feature called "Protected View."

"To enable this setting, choose the 'Files from potentially unsafe locations' option under the Edit > Preferences > Security (Enhanced) menu," said an Adobe security advisory updated Wednesday night.


Mac users can open PDFs using Preview instead; Linux users can use Google's Chrome browser, which has its own PDF reader.

Once on board, the exploit places two Windows dynamic-link-library (DLL) files onto the machine.

"The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks," FireEye explained on its blog Tuesday. "The second DLL in turn drops the callback component, which talks to a remote domain."

Russian security firm Kaspersky Lab said this attack was the first successful sandbox workaround for Reader X and subsequent versions.

"We can confirm the existence of a malicious PDF in the wild that's successfully able to break out of Adobe Reader's sandbox," Roel Schouwenberg, senior security researcher at Kaspersky Lab, told Threatpost. "We've seen successful exploitation on a machine running Windows 7x64 and Adobe Reader 11.0.1."

Interestingly, FireEye said in a follow-up blog posting yesterday that much of the JavaScript used by the exploit to attack Acrobat and Reader was in Italian.

Kaspersky's SecureList blog on Tuesday posted a report detailing how an exploit targeting a different Adobe product, Flash Player, and discovered and patched just last week, was used in police spyware created and marketed by an Italian firm called HackingTeam.

FireEye is warning users of Acrobat, Reader and Adobe browser plug-ins not to open PDFs until the problem is fixed."


(2) thoughts from other users ...

xptrish
Thank you, checking for the block suggested; if I can't find it I'm uninstalling, it's getting crazy lately! Thank you again!
xptrish posted Feb 14, 2013
glwrks replied:
You're welcome...I'm checking my system now. In the meantime, no PDFs.
Posted Feb 14, 2013