Malware Exploits Adobe Zero-day Flaw

According to a warning released by security researchers, cyber criminals are exploiting the zero-day security flaw in Adobe Reader, Acrobat and Flash using malicious software.

Joji Hamada, Researcher at Symantec, states that the malware threat, which exploits the flaw, is a PDF file named Trojan.Pidief.J. It installs a backdoor component on the compromised PC and run a flaw-ridden application, as reported by SCMagazineUK on June 8, 2010.

According to Hamada, the vulnerability can be exploited through various ways. Firstly, an e-mail containing a malevolent PDF attachment or a link leading to the malevolent PDF file could help in exploiting the vulnerability. Secondly, a website containing the malevolent SWF, implanted inside HTML code. Thirdly, a malicious SWF or PDF file is encountered while doing web surf. These three methods enabled cyber criminals to exploit the Zero-day vulnerability.

At this juncture, Hamada added that the attacks appeared restricted, as reported by ComputerWorld on June 8, 2010. Nevertheless, Hamada feels that other online crooks will join the race of exploiting the flaw very soon.

Apart from Symantec, Trend Micro (another Internet security company) spotted the Adobe vulnerability. According to this company, the malevolent file taking advantage of the flaw is called TROJ_PIDIEF.WX.

Commenting on the attack medium, Andrew Storms, Director of Security Operations at nCircle Security, stated that if the attack continues, Adobe might find itself in a tough situation. The company wasn't preparing itself if the attack medium grow or switch, thereby require Adobe to accelerate still more, as reported by ComputerWorld on June 8, 2010.

Adobe's job has become harder since the exploit has been made public, says Chief Security Officer HD Moore at Rapid7 who also created Metasploit, the popular hacking toolkit. Moore adds that the attack code for Adobe Flash's new zero-day vulnerability should be incorporated into Metasploit fast using the knowledge of this public specimen, as reported by Twitter on June 8, 2010.

Finally, security researchers advise users to go to Adobe's website and read the security advisory carefully. Thereafter, they should devote some time in determining the possible workarounds, which by following, can help them avoid getting victimized with the offensive attack.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 6/16/2010