Adobe PDF under attack again

As it became fashionable to expose security holes for Adobe Reader and Acrobat. Now, they discovered critical security holes every month. Are you still using Adobe to read PDF files?

This time, all Adobe Reader and Acrobat versions are vulnerable and Adobe has not yet found a solution for this vulnerability. Infected pdfs exploit weaknesses in JavaScript in Adobe, if i’m more precise AcroForm JS.  You can’t run Adobe Reader without that, that’s why so difficult to find a good solution.

The difference is in the fact that previously infected pdf files contaion only links to malicious code, this time, the malicious code is already attached. And more, some infected pdf files are digitally signed by a valid certificate, issued to the American secure2.eecu.com

Stuxnet becoming a trend

Do you remember the Stuxnet case last month? The Kaspersky Lab expert Roel Schouwenberg forecast for year 2011 to be year of digitally signed malware with certificates stolen from well-known companies.

adobe ranljivost najdena v pdfvir: Contagio Malware Dump

Anti-virus software has detected it as a Troj/PDFJs-ME, Win32/PDFJsc.HQ, Troj/Agent-OOH … One fot he installed files from infected pdf is golf clinic.pdf and new processes added acrord32.exe and cmd.exe. It’s all associated with the website academyhouse.us.

Chet Wisniewski from Sophos Lab expert recorded what is happening on your computer when you open pdf file with this malicous code.

Recommendation

Check if your antivirus program contains latest patches and it should have included live web protection as for example AVG have Link Scanner and finally in Sophos where they have Live Protection. And of course be careful opening pdf files attached to mail with obvious spam content and from unknown person, especially if it offers improvement of our golf strokes.

More details on malicous code and search for protection:
Contagio Malware Dump

Sophos: Adobe advises on new Reader and Acrobat vulnerability

Metaxploit: Return of the Unpublished Adobe Vulnerability

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.