Targeted attacks exploiting PDF bugs are soaring
Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Adobe Reader exploits seem to be the weapon of choice of many a cyber criminal – as attested by the statistics on the samples gathered by F-Secure’s Lab.
This makes patching and updating eminently important. Take, for example, the latest critical vulnerability (CVE-2010-0188), which can cause an application crash or possibly allow the attacker to execute arbitrary code via unknown vectors. Adobe warned about it almost three weeks ago and recommended that users update the software to the latest version, but there are users who missed the memo, and the vulnerability – F-Secure warns – is being exploited for targeted attacks.
The sample was sent in by a European financial organization, and purportedly has something to do with the G-20 nations. Upon loading the PDF file, an executable embedded into it is dropped onto the victim’s hard disc and it immediately tries to connect with tiantian.ninth.biz in order to download other files.
F-Secure warned long ago about security problems plaguing Adobe’s most famous software – they even advised users to start using an alternative PDF reader. They suggested that part of the problem is that users are unaware of the continuous updating they should perform to stay ahead of the criminals.
Could it be that Adobe has been more interested in playing down the bad publicity than in admitting that they do have a lot of problems and need help from the users in dealing with them? In any case, things will have to change. A step in the right direction was made when they began to schedule their updates to follow Microsoft’s Patch Tuesday.