Adobe’s ‘0-Day’ Exploitation Affects Defense Contractors
According to investigators from the security company Symantec, Internet attacks exploiting a zero-day security flaw in Adobe Reader appear to have been aimed at defense contractors as well as other organizations.
On December 6, 2011, an online security advisory from Adobe warned users of Adobe Acrobat and Reader about the critical flaw, which arises from the way the applications access PDF files. Attackers were also exploiting the flaw on Windows PCs running Adobe Reader 9.x, the advisory stated.
Further, Joshua Talbot, Security Intelligence Manager at Symantec Security Response, said that according to the Symantec investigators, attackers sent e-mails containing malicious PDF files that exploited the vulnerability to the inboxes of chemical and telecommunication organizations as well as defense contractors. eWeek published Talbot's statement on December 7, 2011.
Talbot also stated that the attack e-mails had been disguised so that they appeared to have been sent, on 1st and 5th November 2011, from companies and agencies the recipients knew.
Additionally, the security company posted a redacted picture of an e-mail showing the attack's lure: an offer of a guide for 2012 describing the policies and procedures for new contract awards. The e-mail illustrated the kind of pitch that tried to fool the recipient into willingly opening the attached PDF file.
Under a caption reading "FY12 XXXXX Contract Guide," the e-mail's text simply stated that the FY12 XXXXX contract guide was now available to any XXXXX contractor, adding that the new instruction manual carried the latest details about the procedural policies for XXXXX contract awards.
As for the PDF attachment, when viewed it unleashed a previously concealed malicious payload, possibly malformed 3D graphics content, which hijacked the target computer and allowed the attacker to infect the system with malware.
According to Talbot, that malware was the same one hackers used in early 2010 to exploit a then-unpatched vulnerability in Microsoft's Internet Explorer versions 6 and 7. Computerworld.com published this on December 7, 2011.
Symantec identified the malware as "Sykipot" in 2010; it identifies the PDF attachment as Trojan.Pidief and the installed component as Backdoor.Sykipot.
» SPAMfighter News - 19-12-2011