Adobe Warns Of Zero-Day Exploit In Reader, Acrobat 9.2
Symantec researchers reported the attack to Adobe Monday after identifying the malicious file that exploits the zero-day vulnerability as Trojan Pidief.H, which is designed to steal victims' financial and personal information. The attack, which targets numerous versions of Windows, including XP, Windows Me, Vista, 2000 and Server 2003, has been seen in the wild since last Friday, according to the Shadowserver blog.
Adobe confirmed the zero-day vulnerability in Reader and Acrobat 9.2 on its PSIRT blog Monday, stating that it is currently investigating the related issues and assessing the security risks.
During the attack, users receive an infected PDF attachment via e-mail, accompanied by a social engineering message that attempts to entice them to open the file. Once the attachment is opened, a malicious file is dropped that automatically infects a user's system running either Adobe Reader or Acrobat, even if the software is fully patched, according to Symantec.
A successful download subsequently enables hackers to infiltrate and take control of a user's system to steal information or incorporate the computer into a malicious botnet. Security researchers noted that the attack contains a malicious executable, AdobeUpdate.exe, according to a SANS Institute report.
So far there is no patch repairing the Adobe flaw. However, Johannes Ullrich, a SANS researcher, recommends in a blog post that users disable the JavaScript function in order to reduce the risk of becoming infected, while hinting that users should be cautious when opening PDF attachments.
"I could recommend that you don't open any malicious PDF's," he said. "But it would probably be as useful to go and hide in a cave until all Adobe bugs got fixed."
This is not the first zero-day attack Adobe has had to address this year. Adobe reported a zero-day flaw targeting Adobe Reader as well as Adobe Acrobat version 9.1.3 in October. Meanwhile, Adobe issued a security advisory in July warning users of another zero-day vulnerability that also used malicious PDF files in an attack exploiting Flash.
With Adobe's latest zero-day flaw, Ullrich said, "It's not Groundhog Day, but it surely feels like it."