PDF files under attack

Just after Adobe patches Acrobat, exploits target vulnerable systems; one such exploit traced to Russian Business Network.

On Monday, Adobe released a patch for versions 8.1 and earlier of its Acrobat and Acrobat Reader. This patch affects Windows XP SP2 with IE7 and Adobe Reader 7 through 8.1 and addresses the flaws cited in CVE-2007-5020. If exploited, a criminal hacker could launch malicious code on an affected system.

Security researcher Petko D. Petkov first blogged about the vulnerablity in September and predicted that shortly after the patch's release there would be a flood of proof-of-concept exploits on the Internet. He was right. Because of the extremely high risk, Adobe is encouraging everyone to install the patch and update to Acrobat and Acrobat Reader version 8.1.1.

One of the exploits has been traced to the Russian Business Network (RBN). According to iSight Partners, the exploit installs two rootkit files from the UrSnif family. "Servers (81.95.146.1xx and 81.95.147.1xx) used in the attack have a history of malicious abuse including VML UrSnif attacks, animated cursor exploitation (ANI), and CoolWebSearch installations," says Ken Dunham of iSight Partners.

Dunham adds that the RBN attack arrives through e-mails with the subject of "STATEMET indigene" and attachments "YOUR_BILL.PDF" and "INVOICE.PDF".

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Force Friday and the best of IFA 2015

Attention Jedi in training: today is Force Friday. Also, the best of IFA 2015, a new personal safety app explodes in popularity, and new 21.5-inch iMacs are coming.

by Jeff Bakalar