Malware Purveyors Still Abusing Adobe Vulnerability; Sophos
Researchers at the security company Sophos say that malware authors are still abusing a significant zero-day vulnerability in Adobe Reader and Acrobat, spreading it through a spam campaign that achieves remote code execution.
The attack reportedly involves an unsolicited e-mail carrying a financial report that purports to come from the New York-based Barclays Capital.
The spam message, crafted to look convincing, asks recipients to open an attached file said to contain the current week's newsletter for Barclays Capital's United States financial sponsors, and signs off with thanks on behalf of "Safwan".
The attachment, named "Barclays Capital Financial Sponsors Weekly Newsletter.pdf", exploits the CVE-2011-2462 vulnerability. Similar e-mails have also been spotted online posing as messages from other well-known institutions.
Opening the attachment in Adobe Reader 9 or earlier drops three files: dump.exe, AcrA2CA.tmp and d3d8caps.dat.
The first is a malware downloader that reportedly retrieves a further payload. Chester Wisniewski, Senior Security Advisor at Sophos, said the company detects the downloaded malware as Mal/Dotter-A, as reported on nakedsecurity.sophos.com on December 10, 2011.
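The file names and lure attachment named above lend themselves to a straightforward defender-side check. The following Python is an added example, not code from the article or from Sophos; the telemetry line format, the paths and the Reader process name AcroRd32.exe are assumptions, and the sample events are constructed.

```python
# Added example (not from the SPAMfighter article or Sophos): apply the indicators
# named in the report to constructed sample telemetry from a defender's side.

# Indicators quoted in the article.
LURE_ATTACHMENT = "Barclays Capital Financial Sponsors Weekly Newsletter.pdf"
DROPPED_FILES = {"dump.exe", "acra2ca.tmp", "d3d8caps.dat"}

# Constructed file-creation events, one per line: "<host> <creating_process> <path>".
# The Reader process name AcroRd32.exe and every path below are assumptions.
SAMPLE_EVENTS = r"""
ws01 AcroRd32.exe C:\Users\alice\AppData\Local\Temp\AcrA2CA.tmp
ws01 AcroRd32.exe C:\Users\alice\AppData\Local\Temp\dump.exe
ws01 AcroRd32.exe C:\Users\alice\AppData\Local\Temp\d3d8caps.dat
ws02 AcroRd32.exe C:\Users\bob\AppData\Local\Temp\AcrA2CA.tmp
ws03 explorer.exe C:\Users\carol\Downloads\dump.exe
"""


def is_lure_attachment(filename: str) -> bool:
    """Mail-gateway check: does an attachment name match the lure (case-insensitive)?"""
    return filename.strip().lower() == LURE_ATTACHMENT.lower()


def hosts_with_drop_pattern(events: str, min_matches: int = 2) -> dict:
    """Return {host: set of dropped-file names} for hosts where a Reader process
    wrote at least `min_matches` of the three files the report describes.
    Requiring more than one file keeps a lone temp file from raising an alert."""
    seen = {}
    for line in events.strip().splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed telemetry rather than crash on it
        host, proc, path = parts
        # Normalise Windows and POSIX separators, then take the basename.
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if proc.lower() == "acrord32.exe" and name in DROPPED_FILES:
            seen.setdefault(host, set()).add(name)
    return {h: n for h, n in seen.items() if len(n) >= min_matches}


if __name__ == "__main__":
    print(hosts_with_drop_pattern(SAMPLE_EVENTS))  # only ws01 shows the full triplet
```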
Worryingly, Sophos researchers say that junk e-mail campaigns of this kind are behind the rise in malware online. Their view is supported by data in Symantec's "November 2011 Symantec Intelligence Report", which states that 40.2% of all malware-laden e-mails contained links leading to malicious sites, a 20.1% rise from October 2011.
Since Adobe confirmed the zero-day vulnerability in its Reader and Acrobat software, the campaign Sophos detected has not been the only one. Before it, Symantec tracked spam carrying malicious PDF files that exploited the same vulnerability, sent to chemical companies, telecommunications firms and defense contractors.
Adobe, for its part, has been working on a fix since the vulnerability was reported and is about to release a security patch outside its scheduled update cycle.
SPAMfighter News - 21-12-2011