
Spyware, Viruses, & Security forum

General discussion

NEWS - October 10, 2009

by Donna Buenaventura / October 10, 2009 3:29 PM PDT
New Adobe Zero-Day Exploit

Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIEF.UO. This .PDF file contains an embedded JavaScript, which Trend Micro detects as JS_AGENTT.DT. This JavaScript is used to execute arbitrary code in a technique known as heap spraying. In addition, there is a possibility that a future variant may be created that does not use JavaScript to exploit the said vulnerability.

Based on our findings, the shellcode (that was heap sprayed) jumps to another shellcode inside the .PDF file. The said shellcode then extracts and executes a malicious file detected by Trend Micro as BKDR_PROTUX.BD. The said backdoor is also embedded in the .PDF file and not the usual file downloaded from the Web. Protux variants are known for their ability to provide unrestricted user-level access to a malicious user. Earlier variants of the Protux backdoor were seen to have been used as payload in previous attacks exploiting vulnerabilities in Microsoft Office files.

As of this writing, Adobe has indicated that it will include this vulnerability in its upcoming security update release. Meanwhile, users are recommended to disable JavaScript in Adobe Acrobat/Reader to mitigate the said attack.
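
For triaging PDF attachments like the one described in this post, the sketch below counts the PDF name keys that indicate embedded JavaScript and automatic actions, decoding `#XX` hex escapes in names first. It is an added example, not code from Trend Micro, Adobe or the original post; the function names, the key list and both sample documents are constructed for illustration.

```python
import re
from collections import Counter

# Name keys an analyst checks first when triaging a PDF attachment.
KEYS = {"JS", "JavaScript", "OpenAction", "AA", "ObjStm"}

# A PDF name is "/" followed by characters other than whitespace and delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #XX hex escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> Counter:
    """Count the keys of interest in the raw bytes of a PDF.

    Hits are leads for review, not detections: compressed streams can
    contain matching bytes by chance, and names inside object streams
    (/ObjStm) are not visible to a raw scan.
    """
    hits = Counter()
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in KEYS:
            hits[name] += 1
    return hits


def verdict(data: bytes) -> str:
    hits = triage_pdf(data)
    if hits["JS"] or hits["JavaScript"]:
        # Script plus an automatic trigger runs without user interaction.
        return "script-on-open" if hits["OpenAction"] or hits["AA"] else "script"
    return "opaque-object-streams" if hits["ObjStm"] else "no-script-keys"


# Constructed samples (not taken from any real file).
SAMPLE_SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                   b"2 0 obj\n<< /S /J#61vaScript /JS (var constructed = 1;) >>\nendobj\n%%EOF\n")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, sample in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN)):
        print(label, verdict(sample), dict(triage_pdf(sample)))
```

A "no-script-keys" result only means the raw scan found nothing; as the post notes, a variant may not rely on JavaScript at all.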
Hacker Gary McKinnon fails to have his case heard in front of UK Supreme Court
by Donna Buenaventura / October 10, 2009 3:31 PM PDT

Yesterday, as I was returning from a vacation in Istanbul (I'll leave stories of my close encounter with a bellydancer and a bout of food poisoning - hopefully unrelated - to another time), I heard of the latest sadly predictable twist in the long running saga of Gary McKinnon's attempts to avoid extradition to the United States.

McKinnon, who suffers from Asperger's Syndrome, was arrested seven years ago after breaking into computers belonging to the US Army, US Navy, US Air Force, Department of Defense and NASA.

The 43-year-old hacker claims that he accessed the computer systems only to hunt for top secret information about anti-gravity propulsion systems and alien technology, which he believed the authorities were hiding from the public.

For their part, the US authorities claim that McKinnon caused some $800,000 worth of damage.

At the end of July, McKinnon and his supporters lost a judicial review which they hoped would lead to a British investigation into his case, rather than extradition to the USA. Following that setback the team requested the right to appeal to the UK's new Supreme Court.

Yesterday it was announced that McKinnon will not be allowed to take his appeal against extradition to the UK Supreme Court, because his case is not of "general public importance".
Websense: This Month in the Threat Webscape
by Donna Buenaventura / October 10, 2009 3:33 PM PDT

This month was a busy month for SEO poisoning attacks, with high-ranking search engine results littered with malicious links leading to rogue antivirus. Affected search terms were based on timely events such as 9/11, Labor Day sale, and even around the hype surrounding Google Wave invites. New York Times suffered from a malvertising incident, a worm was found wiggling throughout Wordpress installations, more Microsoft and Apple vulnerabilities—just read on for more. It's a really dangerous Web 2.0 world, and we want you to be protected.

Google Online Security: The Malware Warning Review Process
by Donna Buenaventura / October 10, 2009 3:35 PM PDT

As part of Cyber Security Awareness Month, Google's Anti-Malware Team is publishing a series of educational blog posts inspired by questions we've received from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.

Google's anti-malware efforts are designed to be helpful to both webmasters and website visitors. Google continuously scans our web index for pages that could be dangerous to site visitors. When we find such pages, we flag them as harmful in our search results, and also provide this data to several browsers so that users of these browsers will receive warnings directly. We undertake this process as part of our security philosophy: we believe that if we all work together to identify threats and stamp them out, we can make the web a safer place for everyone. While we believe these processes are important steps in helping to protect our users, we also understand the frustration felt by the webmasters of flagged sites. This is why we notify webmasters as soon as we discover that their sites have been compromised. Additionally, we provide webmasters with a tool to file a review once they have cleaned their site. The review process works as follows.

Read about it in

Google patches Android DoS vulnerabilities
by Donna Buenaventura / October 10, 2009 3:37 PM PDT

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.

According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless.
