Large-scale attacks exploit unpatched PDF bug
Adobe plans to patch Reader vulnerability next week
Computerworld - A week before Adobe is scheduled to patch a critical vulnerability in its popular PDF software, hackers are actively exploiting the bug with both targeted and large-scale attacks, a security researcher said today.
The SANS Institute's Internet Storm Center (ISC) reported Monday that they'd received samples of a new rigged PDF document that hijacked PCs using a bug Adobe acknowledged Dec. 14. Later last month, Adobe said it would not patch the bug until Jan. 12. In his write-up of the sample, ISC analyst Bojan Zdrnja called the attack PDF "sophisticated" and its use of egg-hunt shellcode "sneaky."
"Egg-hunt shellcode" is a term for a multi-stage payload used when the hacker can't determine where in a process' address space the code will end up.
Today, Joshua Talbot, security intelligence manager at Symantec, confirmed that the malicious PDF exploited the Adobe Reader and Acrobat vulnerability, but unlike Zdrnja, said it wasn't out of the ordinary. "It's not particularly novel or sophisticated," Talbot said.
All the maker of the recently-discovered exploit did, Talbot added, was take code published in a 2004 research paper and make minor modifications. "These techniques aren't new or clever, but the same things that all attackers are doing," Talbot argued.
Although the malicious PDF described by ISC has been seen in only limited numbers -- designed for high-profile targets, such as company executives or personnel with access to network passwords -- Symantec has monitored bigger attacks exploiting the PDF bug. One attack generated more than 34,000 detections on Symantec's global detection network, peaking on Dec. 31 before falling sharply.
"We're definitely seeing activity out there, since the vulnerability is unpatched," said Talbot. When asked to put that attack on the size scale, Talbot answered, "That puts it in the class of being actively exploited. It shows that there's both going on ... that attackers are crafting one-off exploits for their own purposes, and that there are people who are trying to distribute exploits to as many people as possible."
The updates for Reader and Acrobat, which will include patches for other vulnerabilities as well as the one disclosed last month, will be posted to Adobe's security support site Jan. 12.
Adobe tries to ship security updates for Reader and Acrobat each quarter, and issues those updates on the same second-Tuesday of the month that Microsoft has long used for its patch schedule.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts