Malware Penetrates Allegedly Patched Adobe Reader

Recently, a severe vulnerability in Adobe Acrobat has been discovered by the Shadowserver Foundation, which is being efficiently abused by scammers to install malware on the systems of unaware users.

As per the advisory from Shadowserver, while the vulnerability has been verified in Adobe Reader's 8.1.3 and 9.0.0 versions running on Windows XP Service Pack 3, it is assumed to be working on other versions also. According to Steven Adair, Security Expert at Shadowserver, adobe versions for machines running Linux and Apple's OS X are yet to be examined, but they may also be vulnerable, as reported by TheRegister on February 20, 2009.

The firm has revealed that multiple variants of the malware are presently active. One of the variant installs a remote access Gh0st RAT Trojan. The booby-trapped PDFs are already being detected by several anti-virus programs. Security firms, Symantec and Trend Micro have flagged the attacks as Trojan.Pidief.E and TROJ_PIDIEF.IN respectively. Both the firms have rated the threat as low; however, it was their one week old analysis. It seems as if attackers have raised the exploit since the second week of February 2009 when the threat was first identified.

Shadowserver feels that very few targeted attacks are being launched by exploiting the vulnerability of Adobe Reader. Though, these sorts of attacks are often more destructive.

Citing the solution to the problem, researchers at Shadowserver said that disabling the JavaScript would certainly prevent malware from getting installed on the PC, as per the advisory released by Shadowserver on February 19, 2009.

To follow the solution, user should open Adobe Reader, click Edit > Preferences > JavaScript and then, he/she should uncheck the box reading "Enable Acrobat JavaScript". However, researchers have warned that it may still result in the crash of application. But they further commented that it should rather be an easy choice to make - the mild loss in functionality or a crash versus system being hacked and valuable information being stolen.

Meanwhile, the firm believes that Adobe has acknowledged the issue and is efficiently working to fix it.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 3/2/2009