Adobe promises Reader zero-day patch on Friday
Clues in code point to Chinese hackers behind attacks against defense contractors
Computerworld - Adobe today said it will release a patch Friday for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defense contractors earlier this month.
Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x this week.
The exploits uncovered by security researchers were aimed specifically at Reader 9.x using malformed PDF documents attached to bogus emails.
A day after Adobe acknowledged the vulnerability, researchers at Symantec confirmed that attacks had targeted defense contractors, as well as individuals working in the telecommunications, manufacturing, computer hardware and chemical sectors. The attacks spiked Dec. 1, Symantec said.
The attackers may have been hoping to steal confidential information from the targeted firms.
If opened by the recipient, the malicious PDF hijacked the Windows PC, then infected those machines with "Sykipot," a general-purpose backdoor Trojan that was first spotted being used in March 2010 as the payload in attacks exploiting a then-unpatched bug in Microsoft's IE6 and IE7.
Later research by Symantec and others found hints of Chinese involvement: Code remnants were in the Simplified Chinese character set, and the malware's command-and-control (C&C,) server was traced to a Chinese IP address.
But unlike Symantec, independent security researcher Brandon Dixon didn't think a national government or other well-funded organization was behind the Sykipot attacks that exploited the Reader flaw.
"The tool used to create this [malicious PDF] document has little modularity or sophistication.... For this reason alone I have a hard time believing this attack was created by a nation-state government," Dixon said in a blog post last weekend, one of three in which he analyzed the threat. "Instead, I think this was done by a small group of people whose motivation would be to support their government and send data back to them. This sort of behavior fits the Chinese hacker model and gives a bit more value to the Chinese traits identified within the document and dropper."
Adobe today again told users -- as it did last week -- that it will not deliver patches for Reader and Acrobat 10 on Windows, or for any version of those applications on Mac OS X and Unix, until Jan. 10, 2012.
It has justified the delay by pointing out that Reader 10 includes an anti-exploit "sandbox" which blocks the in-circulation exploit, and that it has seen no sign of attacks targeting Mac or Linux machines.
The patched versions of Reader and Acrobat 9.x will be available tomorrow from Adobe's website. Alternately, users will be able to run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
Adobe has not disclosed what time it will issue the Reader and Acrobat 9.x updates.
Friday's fix will be the sixth security update for Reader this year.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts