New year, new attacks against Adobe Zero-Day

Crooks are once again exploiting the zero-day hole in Adobe Reader and Acrobat to install a remote-control Trojan on victim machines.
http://www.networksasia.net/content/new-year-new-attacks-against-adobe-zero-day

http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/

VirusTotal
http://www.virustotal.com/analisis/40e22d52c00b76ad58c3c8daa644b7cfdc4f07a50718743f8e67e89bab386eab-1262612027

Many people were expecting this to happen.

That flaw in Adobe is very severe…

Hope they fix it fast!

Hi malware fighters,

It is an advanced attack: http://isc.sans.org/diary.html?storyid=7867
Hackers are using it at the mo on the popular BitTorrent site IsoHunt.com.
Block these from your OS: 193.104.22.0/24 and 89.149.236.46 (193.104.22.0/24 was already blocked).

PDF files have become the hacker tool of sorts, and this is proven by a new advanced attack. The shellcode used in this attack was only 38 bytes large. While the same heap-spraying technique has been used inside other exploits, the second part of the shellcode has been added as another object to the PDF document. At first the code seems to be corrupted, but then Adobe Reader will open the whole of the document into memory, as well as the corrupted code. According to Bojan Zdrnja the benefits for the attacker are crystal clear. He may easily change what the exploit is to perform, without the first part of the shellcode needing any change.

This will make automatic analysis with a JavaScript interpreting tool for added malcoded JavaScript impossible. Research has turned up two hidden binaries and also that the PDF doc has all aboard to take over a machine completely. No “extras” are to be downloaded. “Not only is this an example of a malicious PDF document with an advanced payload, but also to show to what trouble malcreants will go to circumvent detection from AV vendors and victims alike”, according to the ISC handler.

polonus

P.S. Anyway, Adobe is now going for silent uploads à la Google, hoping some added obscurity will add some added security. At the moment I hope they will patch this one soon. For a while I use an alternative reader…

Damian

Malwarebytes’ Anti-Malware Full blocks 193.104.22.0/24 and 89.149.236.46 8)

Hi malware fighters,

Just follow the thread of my alter ego luntrus here:
http://forums.informaction.com/viewtopic.php?f=8&t=3529

Keep walking on your toes, even if you have the full protection of NoScript extension in Fx:

You can further harden this protection by checking NoScript Options|Embedded|Apply these restrictions to trusted sites as well, which will disable all the plugin content unless you specifically enable it by clicking on placeholders.

However nothing can protect you against social engineering attack, i.e. making you voluntarily open a certain PDF file either from a web page or from an email message,

according to NS developer Giorgio Maone.

Disable JavaScript in Adobe. Update when they release the update. (Keep on your toes for the next exploit against Adobe.)

http://blogs.adobe.com/psirt/atom.xml
Disable JS in Foxit Reader as well: http://www.foxitsoftware.com/pdf/reader/

Forewarned is forearmed as always,

polonus aka luntrus aka Damian
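As an added illustration of two points made in this thread, the exploit's shellcode being spread over separate PDF objects so that JavaScript-interpreting analysers miss it, and the advice to disable JavaScript in the reader, here is a small structural triage script in Python. It is not code from the thread, from ISC or from any AV vendor; the function names (normalise_names, triage_pdf, describe), the RISKY_MARKERS list and the two sample PDFs are constructed for this example, and the samples contain no exploit, only a placeholder string where script text would sit. The script interprets no JavaScript at all: it only counts objects, streams, trailers and risky dictionary keys, after undoing the #xx hex escapes that PDF allows in names (so /J#61vaScript is treated as /JavaScript).

```python
import re
from dataclasses import dataclass, field

# Name objects in a PDF may hex-escape characters (/J#61vaScript is the same
# name as /JavaScript). This is used to dodge naive string matching, so names
# are normalised before any marker is looked up. The substitution is coarse
# (it also touches '#' inside strings), which is acceptable for triage.
def normalise_names(data: bytes) -> bytes:
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

# Dictionary keys worth a second look. /OpenAction and /AA run an action
# automatically; /JS and /JavaScript carry script; /Launch starts a program.
RISKY_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                 b"/Launch", b"/EmbeddedFile")

@dataclass
class PdfTriage:
    objects: int = 0            # "n g obj" headers seen
    streams: int = 0            # stream bodies (where binaries/shellcode usually sit)
    trailers: int = 0           # %%EOF markers; more than one means objects were appended later
    hex_escaped_names: int = 0  # names written with #xx escapes
    markers: dict = field(default_factory=dict)

    @property
    def suspicious(self) -> bool:
        return (any(k in self.markers for k in ("/JavaScript", "/JS", "/Launch"))
                or self.hex_escaped_names > 0)

def triage_pdf(data: bytes) -> PdfTriage:
    """Structural triage of raw PDF bytes; no JavaScript is interpreted."""
    t = PdfTriage()
    t.hex_escaped_names = len(re.findall(rb"/[^\s/<>\[\]()]*#[0-9A-Fa-f]{2}", data))
    norm = normalise_names(data)
    t.objects = len(re.findall(rb"\b\d+\s+\d+\s+obj\b", norm))
    # "endstream" also contains "stream", so subtract the closers to count openers.
    t.streams = norm.count(b"stream") - norm.count(b"endstream")
    t.trailers = norm.count(b"%%EOF")
    for marker in RISKY_MARKERS:
        # The lookahead stops /JS from matching a longer name such as /JSomething.
        hits = len(re.findall(re.escape(marker) + rb"(?![A-Za-z])", norm))
        if hits:
            t.markers[marker.decode()] = hits
    return t

def describe(data: bytes) -> str:
    t = triage_pdf(data)
    verdict = "SUSPICIOUS" if t.suspicious else "ok"
    return (f"{verdict}: {t.objects} objects, {t.streams} streams, "
            f"{t.trailers} trailer(s), {t.hex_escaped_names} hex-escaped name(s), "
            f"markers={t.markers}")

# Constructed sample files for this example (not the malicious PDF from the
# thread): one plain document, and one that auto-runs a script on open with the
# action name hex-escaped. The "script" is just a placeholder string.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /JS (placeholder script) >> endobj
5 0 obj << /Length 3 >> stream
abc
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, "->", describe(pdf))
```

Run it as-is and the benign sample reports "ok" while the second is flagged for /OpenAction plus /JavaScript and /JS, and for the hex-escaped name. Two limits to keep in mind: names inside Flate-compressed object streams are invisible to a raw byte scan, so decompress those first, and a hit on /JS is only a lead, which is exactly why turning JavaScript off in the reader, as advised above, matters more than any scanner.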

Despite Danger, Adobe Says JavaScript Support Important
http://threatpost.com/en_us/blogs/despite-danger-adobe-says-javascript-support-important-010410

Large-scale attacks exploit unpatched PDF bug
http://www.computerworld.com/s/article/9143259/Large_scale_attacks_exploit_unpatched_PDF_bug

What is wrong with Adobe? Every time I go to the forum I see Adobe was attacked…

Is it safe to use their products?

Do you like playing Russian Roulette?
http://www.youtube.com/watch?v=YXEm_Qi8Sgk

When it comes to timely security updates, Adobe is a disgrace; it gets an F minus. I use Foxit Reader whenever possible and only install Adobe Reader if it is required, then uninstall it. I have run into software where the user's manual only works with Adobe Reader. What really sucks is that most sites are now full of Adobe Flash and there isn't a simple alternative replacement that works.
Joe

Did I say something wrong?


No, you did not say anything wrong.

YoKenny was just suggesting that using Adobe products is like playing Russian Roulette.


Then it's okay? :wink:

Anyway I use Foxit for PDF files… It's free :smiley: