Adobe PDF Trojan Infects Many Thousands
- By Grey McKenzie
- Published 02/11/2008
(Computerworld) Attackers have been exploiting one of the recently revealed vulnerabilities in Adobe Reader for at least three weeks, security researchers said today, with one estimating the infection count at "many thousands" so far.
On Tuesday, Adobe Systems Inc. acknowledged that its popular PDF viewer sported several flaws, and patched them that same day. However, it has yet to spell out the exact number or nature of the bugs.
But one of those vulnerabilities has been actively exploited since at least Jan. 20, said researchers at the SANS Institute's Internet Storm Center (ISC) and VeriSign Inc.'s iDefense. According to Raul Siles, an analyst with ISC, a malicious PDF (Portable Document Format) file has been spreading a Trojan horse from a server based in the Netherlands. The first evidence of the attack, said Siles, came in a Jan. 20 message on an Italian message forum from a user who noted that three of his PCs had been infected, and traced the attack to the Dutch IP address.
Siles quoted e-mail he received from iDefense researchers, who said that the malware, a variation of the "Zonebac" Trojan, disables a slew of anti-virus programs and modifies search results and banner ads.
