Security vendors say a recently exposed vulnerability in Adobe's Acrobat and Reader applications is being exploited by a Russian phishing network spreading a fairly old Trojan virus.
Adobe released a patch for the flaw Monday after confirming a report by U.K.-based researcher Petko Petkov that Microsoft Windows XP users were vulnerable to system takeovers via malware spread through malicious PDF files opened in the vendor's latest Acrobat and Reader versions.
For now, at least, security vendors say the damage has been fairly minimal.
"We're not seeing this as being exploited in the wild very much at all. The PDFs we have seen seem to be spam originating from a Russian phishing network. What they're spreading is a Trojan phisher called Snifula, which is pretty old and not a new threat," said James Heimbuck, head of definition development at Boulder, Colo.-based Webroot.
Heimbuck said the Webroot team hadn't seen any spam relays being created through the Adobe vulnerability. In addition to phishing for private data, a common practice of malware spreaders is to create networks of compromised computers, or botnets, to send large amounts of unsolicited e-mail unbeknownst to those computers' owners.
"The exploit works by disabling the Windows native firewall, then using FTP to download a file and execute it. The exploit is new, but the actual content of what's being downloaded and run is old news," said Webroot's Justin Bertman, manager of threat research development.
Though the vulnerability involved Windows XP specifically, Bertman blamed Adobe for the flaw rather than Microsoft.
"It's targeting Windows because of the architecture it sits on. It's not Windows' fault. It's Adobe's fault for leaving a window open. Microsoft doesn't take the black eye on this one," he said.
Criminals are increasingly able to find vulnerabilities in the most popular operating systems and applications, said David Mayer, senior product manager at recent Cisco acquisition IronPort.
"It's getting more and more dangerous and the criminals are acting more and more quickly. I work primarily on the spam side and spammers are using fairly ubiquitous applications to compromise systems. Everybody's got Adobe, so it's really dangerous," Mayer said.
Ivan Arce wasn't surprised by the news of the Adobe flaw, saying "it was coming and it was predictable." The CTO of Boston-based vendor Core Security advised vulnerable parties to install some form of endpoint security if they hadn't already.
This latest episode of playing catch-up with the cybercriminals was all the more reason to take security seriously, said Powersolution.com's David Dadian.
"We haven't run across [the Adobe exploit], knock wood. And the reason for that is that our infrastructures are multi-layered," said the CEO of the Ho-Ho-Kus, N.J.-based solution provider.
"We have the e-mail layer protected. There's a second layer that is a combination of Fortinet products. The third is on the network, where we run a Symantec layer. Sometimes there's an additional Sendio layer, which is a challenge-response filter that catches all spam."