Malicious PDF Exploits Security Flaw with Fresh Tactics
Security researchers are warning of malicious PDF files that use a new tactic which nearly every security product on the market fails to detect. Eweek.com reported this on April 29, 2011.
Researchers at Sophos and Avast separately note that during March 2011, PDF files circulated online that neither firm flagged as malicious, yet which compromised computers merely by being opened. The PDF files arrived as e-mail attachments from suspicious-looking sender addresses, with messages claiming to be order receipts. The attachments also cited order numbers, though these were not real.
According to Senior Threat Researcher Paul Baccas of Sophos Labs, anyone opening one of these attachments on a PC running Adobe 9.3 or Adobe 8.1.1 is likely to land on an unintended website that serves malware such as ZBot, SpyEye or bogus anti-virus. Eweek.com reported this.
The researchers state that the weakness lies in a special utility called JBIG2Decoder, a compression scheme for monochrome (bi-level) graphics, which an attacker can use to conceal his malware and so bypass security detection.
This malware then abuses the CVE-2010-0188 vulnerability, which lets attackers crash Adobe Acrobat or Reader and achieve a total system compromise.
Jiri Sejtko, virus analyst at Avast, says it is rather unbelievable that an image algorithm would serve as a filter, with the characteristics typically applied to a desirable object; this, he says, is why the company's anti-virus could not effectively unpack the code in the malware that arrived with the attachment. InfoWorld reported this on April 29, 2011.
Sejtko adds that this attack tactic is rare compared with others, although it has been used in targeted attacks. While the latest Adobe Reader editions are patched against CVE-2010-0188, users of earlier editions that have not been similarly updated remain vulnerable to these PDF files. Eweek.com reported this.
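As an added illustration of the detection problem described above (this is example code written for this page, not code from the article, Sophos or Avast): a small Python triage script that walks a PDF's stream objects and reports any whose filter chain includes JBIG2Decode, the name under which the filter appears in PDF syntax. It flags a stream as suspicious when JBIG2 is applied to something that is not an image XObject, or when the filter name was spelled with #xx escapes, which the PDF format permits and which defeats naive string matching of filter names. The sample PDF bytes are constructed for the example, and the "suspicious"/"review" verdicts are this example's own heuristic, not a rule taken from the reports.

```python
import re

# Constructed sample PDF, not a file from the campaign described in the article.
# Object 1: a legitimate-looking bi-level image XObject compressed with JBIG2.
# Object 2: a stream that is NOT an image but still declares JBIG2Decode (spelled
#           with a #xx name escape, which PDF syntax allows) behind FlateDecode.
# Object 3: an ordinary Flate stream for contrast.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /XObject /Subtype /Image /Width 8 /Height 8 /ColorSpace /DeviceGray"
    b" /BitsPerComponent 1 /Filter /JBIG2Decode /DecodeParms << /JBIG2Globals 4 0 R >>"
    b" /Length 4 >>\nstream\n\x00\x00\x00\x00\nendstream\nendobj\n"
    b"2 0 obj\n<< /Filter [ /FlateDecode /JBIG#32Decode ] /Length 4 >>\n"
    b"stream\n\x00\x00\x00\x00\nendstream\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode /Length 4 >>\nstream\n\x00\x00\x00\x00\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

OBJ_HDR = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*")
NAME = re.compile(rb"/([^\s/\[\]<>(){}%]+)")


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx hex escapes in a PDF name token (e.g. JBIG#32Decode -> JBIG2Decode)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)


def normalize_names(dictionary: bytes) -> bytes:
    """Rewrite every name token with its escapes resolved so that pattern matching
    sees the canonical spelling of dictionary keys and filter names."""
    return NAME.sub(lambda m: b"/" + decode_name(m.group(1)), dictionary)


def extract_dict(data: bytes, start: int):
    """Return (dict_bytes, end_offset) for the balanced << ... >> beginning at start,
    tolerating nested dictionaries such as /DecodeParms << ... >>."""
    depth, i = 0, start
    while i < len(data) - 1:
        pair = data[i:i + 2]
        if pair == b"<<":
            depth += 1
            i += 2
        elif pair == b">>":
            depth -= 1
            i += 2
            if depth == 0:
                return data[start:i], i
        else:
            i += 1
    return None, len(data)


def filters_of(dictionary: bytes):
    """List the filter chain declared by /Filter, given either as one name or an array."""
    m = re.search(rb"/Filter\s*(\[[^\]]*\]|/[^\s/\[\]<>(){}%]+)", dictionary)
    if not m:
        return []
    return [n.decode("latin-1") for n in NAME.findall(m.group(1))]


def scan_pdf(data: bytes):
    """Walk every indirect object that owns a stream and report those whose filter
    chain includes JBIG2Decode, together with a simple triage verdict."""
    findings = []
    for m in OBJ_HDR.finditer(data):
        pos = m.end()
        if data[pos:pos + 2] != b"<<":
            continue
        raw_dict, end = extract_dict(data, pos)
        if raw_dict is None or not re.match(rb"\s*stream", data[end:end + 16]):
            continue  # a dictionary without a stream body carries no encoded data
        d = normalize_names(raw_dict)
        chain = filters_of(d)
        if "JBIG2Decode" not in chain:
            continue
        is_image = re.search(rb"/Subtype\s*/Image", d) is not None
        escaped = raw_dict != d  # some name was spelled with #xx escapes
        # Heuristic (this example's own): JBIG2 outside an image, or an escaped
        # filter name, is suspicious; a plain JBIG2 image still deserves review
        # because the samples in the report were not flagged by scanners.
        verdict = "suspicious" if (not is_image or escaped) else "review"
        findings.append({
            "object": int(m.group(1)),
            "filters": chain,
            "image_xobject": is_image,
            "escaped_names": escaped,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in scan_pdf(SAMPLE_PDF):
        print(f"obj {f['object']}: {f['verdict']:10s} filters={f['filters']} "
              f"image={f['image_xobject']} escaped={f['escaped_names']}")
```

The script only locates JBIG2-filtered streams and does not decode them; the point is that a scanner which stops at the outer filter never sees the payload, so any tool that inspects such files must apply the full filter chain (including the JBIG2 decoder) before matching signatures.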
Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected
» SPAMfighter News - 04-05-2011