Friday, January 15, 2010

Chinese attacks exploit Adobe "zero-day" weakness, Microsoft IE vulnerability; could be on web as well as attachments


There are numerous media reports that a supposedly patched vulnerability in Adobe’s PDF software was used to spread viruses that would give attackers access to critical intellectual property resources of a number of US technology companies, including but not limited to Google (and GMail). The scuttlebutt is that the attacks originated in Taiwan and somehow had the blessing or backdoor participation of the Chinese government.

Generally, home users, mostly overseas and mostly in China, got infected by clicking on PDF attachments to emails as in phishing attacks. But infected PDF’s could be out on the Web and be brought up by any search engine. Any user in the world could be infected. It’s not clear in McAfee, Norton, Webroot, Kaspersky, etc. have fully updated their definition files for all threats associated with these attacks yet.

In the past, Adobe has been considered safe. Microsoft Word documents have long been known to be capable of being infected (as with the “concept virus” of the mid 1990s) but home users have felt less reason to be wary of PDF’s. Until the problem is completely resolved users should be comfortable that PDF’s they click on come from reputable sources.

An article in Webpronews (by Chris Crum) gives some details, relating to a hole in Microsoft Internet Explorer and a “zero-day vulnerability” in Adobe Reader. The link is here. This would imply that browsing PDF files through Mozilla would not bring about the vulnerability, and computers which use Mozilla or Chrome as default browsers may be safer right now.

Wired News has a similar "Threat Level" story by Kim Zetter here.

Microsoft has a Security Advisory 979352 about the IE vulnerability here. In looking at the Update History on my own machine (Vista) I could not see that it had been applied yet.

Last summer US-CERT also published a report of a vulnerability in Adobe Flash Player, here.

No comments: