Patched Adobe Vulnerability Exploited to Infect US Defense Contractors
F-Secure Labs, an Internet security company, has just identified an interesting cyber assault. Aimed at the US Military contractors, it uses security vulnerability in Adobe Reader that was recently patched during the 2nd week of January 2010.
The attack includes sending of a fake e-mail containing a malevolent PDF document and poses as a message from the Department of Defense. The document talks about the seminar scheduled to be conducted during March 2010 in Las Vegas.
Security researchers state that the PDF exploit uses the recently patched doc.media.newPlayer security flaw (CVE-2009-4324). The vulnerability, which emerged in the Multimedia.api used by Adobe, when exploited, can let a hacker execute malicious software.
According to Adobe, the vulnerability affects Reader in both Macintosh and Windows versions. The exploit plants an executable namely 'Updater.exe.' This executable represents a backdoor linked to 18.104.22.168 IP address. Anyone controlling this IP will be able to acquire admission into the infected PC along with other computers within the network. F-Secure reports that this IP is located in Taiwan.
Moreover, the backdoor avoids detection by evading the area web-proxy during the establishment of its link with the IP, the security company said.
Notably, a week ahead of Adobe's plan to release the security patch for a critical flaw in its widely-used PDF application, cyber attackers exploited the flaw to launch large scale as well as targeted attacks. In this context, the Internet Storm Center of SANS Institute reported models of the latest malware-ridden PDF file, which compromised computers via the abovementioned flaw.
Consequently, the researchers at F-Secure suggest that computer users should update their applications at the earliest in the wake of attack carrying out active exploitation.
The security researchers stated that in light of malevolent PDF files very common now-a-days, they were again advising the same. Moreover, users should not trust uninvited attachments, and also ensure that they have up-to-date antivirus software.
Related article: Patched Adobe Acrobat Reader Still Causing Threat
» SPAMfighter News - 27-01-2010