Adobe Flaw Exploited In Malicious Attack

Attackers launched malicious code exploiting a buffer overflow vulnerability in Adobe Acrobat Reader 9 and multiple versions of 8 and 7, enabling them to infiltrate and completely take control of an affected system. The malware is distributed via infected PDF files, which are typically used in some kind of social engineering ploy that entices users to open the attachments, experts said.

"To be successful, you'd need to do some kind of social engineering -- an e-mail specifically addressed to a person or some kind of enticement or reason to open the PDF," said Kevin Haley, director of Symantec Security Response.

Once a user opens an infected file, a backdoor Trojan designed to record keystrokes and steal data is executed. The pilfered information is then sent to remote servers, where it is compiled and sold on the underground market or used in identity theft activities.

Adobe said in its advisory that it planned to release security updates for Reader 9 and Acrobat 9 by March 11, followed by updates for versions 8 and 7. The company also said in its advisory that it is partnering with antivirus security companies McAfee and Symantec in an effort to address the issue.

Until Adobe readies a patch to fix the problem, security experts recommend that users disable the JavaScript function in Adobe Reader and Acrobat products, which will prevent code execution but could still allow a system crash.

Security experts said that the attack does not appear to be widespread and has so far been limited to fewer than 100 incidents in small, targeted attacks. But that could change if more hackers take advantage of the exploit code, experts said.

"It's not a mad outbreak," Haley said. "Whoever is taking advantage of it now is doing targeted attacks. But it certainly is possible for someone else to expand its scope. That's the big fear."