Gumblar Trojan exploits Adobe Reader and Acrobat security hole
Wednesday, October 21, 2009
A security flaw in Adobe Reader and Acrobat is being actively exploited by cyber attackers with malicious PDFs. Security researchers at IBM's web security labs have seen a surge in attacks on this security vulnerability.
IBM researchers said on the Frequency X Blog that variants of the Gumblar Trojan are attacking security holes in Microsoft Office, web browser and Adobe products, but most of the attacks are aimed at Adobe Acrobat and Reader.
"Here in Managed Security Services, we've noticed a considerable elevation in our global hits on malicious PDF files," the IBM researchers said on the blog. "More specifically, the signature used to detect the latest Adobe Reader Remote Code Execution has picked up most of the activity."
Adobe disclosed the security vulnerabilities in its October 13 batch of security patches and recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2.
The security bulletin from Adobe on the flaw said remote code execution could allow an attacker to take control of a user system if a victim opens a PDF file infected with the virus.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
