Criminals attempt to exploit unpatched hole in Adobe Reader

    Date: 16 Apr 2010
    Category: Hacks/Cracks
    Posted By: Anthony Pell
    According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader, disclosed about two weeks ago, to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments. The "Launch Actions/Launch File" function in Adobe Reader allows the execution of scripts or EXE files embedded in PDFs. Although Adobe Reader asks users to agree to the execution of the file, this dialogue can be designed in such a way that users have no idea they may be allowing an infection into their systems. Sophos has posted a demo on its blog which tries to persuade users to click an OK button.

    A report from M86Security describes a PDF document that tries to install the ZeuS bot. When opened, the document tries to save a further PDF document which contains the actual malware. The documents are probably nested in an attempt to trick virus scanners. Interestingly, Reader opens a user dialogue before saving the file, but Foxit automatically saves the file without requesting confirmation. The current version of Foxit at least opens a dialogue when trying to start the bot that is hidden in the PDF.
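
    For mail-gateway or triage use, the following is an added example (not code from the article or from any vendor it cites) that flags Launch actions and embedded files in a PDF and follows PDFs nested inside streams, which is the layering the report says is meant to trick scanners. The function names and the sample bytes are constructed for illustration; it assumes streams are stored raw or Flate-compressed and does not handle encrypted documents or other filters.

```python
import re
import zlib

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Capture everything up to "endstream"; a trailing EOL is tolerated when inflating.
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
CHECKS = {
    "launch-action": re.compile(rb"/S\s*/Launch\b"),
    "embedded-file": re.compile(rb"/EmbeddedFile\b"),
}

def normalise_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names so /L#61unch is matched as /Launch."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return sorted (nesting_depth, finding) pairs for one PDF byte string."""
    text = normalise_names(data)
    findings = {(depth, name) for name, rx in CHECKS.items() if rx.search(text)}
    for match in STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj ignores bytes after the end of the zlib stream
            body = zlib.decompressobj().decompress(body)
        except zlib.error:
            pass  # stored uncompressed, or a filter this sketch does not decode
        if body.lstrip().startswith(b"%PDF-") and depth < max_depth:
            findings.add((depth, "nested-pdf"))
            findings.update(scan_pdf(body, depth + 1, max_depth))
    return sorted(findings)

# Constructed sample fragments (not working documents): an outer file whose
# embedded stream holds a second PDF carrying a name-escaped Launch action.
INNER = (b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /L#61unch "
         b"/F (constructed-placeholder) >>\nendobj\n")
OUTER = (b"%PDF-1.4\n1 0 obj\n<< /Type /EmbeddedFile >>\nstream\n"
         + zlib.compress(INNER) + b"\nendstream\nendobj\n")
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Page >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("outer", OUTER), ("benign", BENIGN)):
        print(label, scan_pdf(sample))
```

    A hit at depth 1 or deeper means the Launch action only becomes visible after unpacking an embedded document, so a scanner that inspects the outer file alone would miss it.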
