Adobe promises Reader zero-day patch on Friday
Posted on Dec 15 2011 01:03 PM by xper in Security
Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x this week.
The exploits uncovered by security researchers were aimed specifically at Reader 9.x using malformed PDF documents attached to bogus emails.
A day after Adobe acknowledged the vulnerability, researchers at Symantec confirmed that attacks had targeted defense contractors, as well as individuals working in the telecommunications, manufacturing, computer hardware and chemical sectors. The attacks spiked Dec. 1, Symantec said.
The attackers may have been hoping to steal confidential information from the targeted firms.
If opened by the recipient, the malicious PDF hijacked the Windows PC, then infected those machines with "Sykipot," a general-purpose backdoor Trojan that was first spotted being used in March 2010 as the payload in attacks exploiting a then-unpatched bug in Microsoft's IE6 and IE7.
Later research by Symantec and others found hints of Chinese involvement: Code remnants were in the Simplified Chinese character set, and the malware's command-and-control (C&C) server was traced to a Chinese IP address.
But unlike Symantec, independent security researcher Brandon Dixon didn't think a national government or other well-funded organization was behind the Sykipot attacks that exploited the Reader flaw.
"The tool used to create this [malicious PDF] document has little modularity or sophistication.... For this reason alone I have a hard time believing this attack was created by a nation-state government," Dixon said in a blog post last weekend, one of three in which he analyzed the threat.
"Instead, I think this was done by a small group of people whose motivation would be to support their government and send data back to them. This sort of behavior fits the Chinese hacker model and gives a bit more value to the Chinese traits identified within the document and dropper."
The patched versions of Reader and Acrobat 9.x will be available tomorrow from Adobe's website. Alternatively, users will be able to run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
Source: Computer World