Adobe Products Become Common Targets for Cyber Criminals

As per security firm Kaspersky's latest report 'Information Security Threats in the First Quarter of 2010', currently Adobe applications are the major targets for hackers and virus author around the world because of their multi-platform capabilities and high popularity.

The report states that from the several varieties of exploit that were found, the Exploit.Win32.Pdfka family (with 42.97%) was the most famous. This exploit misuses vulnerabilities in Adobe Acrobat and Adobe Reader.

When taken together, the two families of exploits hitting Adobe products, Exploit.Win32.Pdfka and Exploit.Win32.Pidief, estimate almost for half of all the exploits detected. Security experts opine that these exploits are PDF documents carrying Javascript scenarios which install and execute other pieces of malware direct from the Web, without the knowledge of users.

Security researchers at Kaspersky claim that users of Adobe product usually do not know about the looming threat to which they are exposed.

Moreover, this discovery was supported by Roel Schouwenberg, Senior anti-virus Researcher, Kaspersky Labs, at the Kaspersky Lab Virus Analyst Summit held in Cyprus in the first week of June 2010. He stated that for the past one and a half years, Adobe has been the prime vector for cyber attacks, with 47.5% of exploits Adobe in Q1-2010, as per the news published by itweb.co.za on June 7, 2010. He further added that nearly 15% of cyber assaults targeted Microsoft.

Schouwenberg said that Microsoft has brought in some major improvements. For instance, XP Service Pack 2 introduced data execution prevention, which reduces the exploitation of some class of vulnerabilities. It also launched automatic updates and firewalls.

The security experts claimed that the hackers have turned towards browser plug-ins and similar things that are related with the browser and, thus, simpler to exploit. Today, 90% of attacks are conducted through Web. The attacks can be through any program that can be called through browser and does not have to be an appropriate plug-in.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 6/14/2010