PDF files under attack

Just after Adobe patches Acrobat, exploits target vulnerable systems; one such exploit traced to Russian Business Network.

On Monday, Adobe released a patch for versions 8.1 and earlier of its Acrobat and Acrobat Reader. This patch affects Windows XP SP2 with IE7 and Adobe Reader 7 through 8.1 and addresses the flaws cited in CVE-2007-5020. If exploited, a criminal hacker could launch malicious code on an affected system.

Security researcher Petko D. Petkov first blogged about the vulnerablity in September and predicted that shortly after the patch's release there would be a flood of proof-of-concept exploits on the Internet. He was right. Because of the extremely high risk, Adobe is encouraging everyone to install the patch and update to Acrobat and Acrobat Reader version 8.1.1.

One of the exploits has been traced to the Russian Business Network (RBN). According to iSight Partners, the exploit installs two rootkit files from the UrSnif family. "Servers (81.95.146.1xx and 81.95.147.1xx) used in the attack have a history of malicious abuse including VML UrSnif attacks, animated cursor exploitation (ANI), and CoolWebSearch installations," says Ken Dunham of iSight Partners.

Dunham adds that the RBN attack arrives through e-mails with the subject of "STATEMET indigene" and attachments "YOUR_BILL.PDF" and "INVOICE.PDF".

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Want affordable gadgets for your student?

    Everyday finds that will make students' lives easier: chargers, cables, headphones, and even a bona fide gadget or two!