September 24th, 2008

Researchers discover PDF exploit packs

Posted by Ryan Naraine @ 9:50 am

Categories: Adobe, Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Flash, Hackers, Malware, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Vulnerability research, Web 2.0, Zero-day attacks

Tags: Adobe PDF, Malware, Exploit, Spyware, Adware & Malware, Cyberthreats, Security, Ryan Naraine

If you still need a reason to patch that installation of Adobe Reader, pay close attention to this discovery by Secure Computing’s anti-malware research labs.

The group has stumbled upon an exploit pack that exclusively targets PDF vulnerabilities, exposing millions of Windows desktops to malicious hacker attacks.

Secure Computing warns:

This new toolkit targets only PDFs, no other exploits are used to leverage vulnerabilities. Typical functions like caching the already infected users are deployed by this toolkit on the server-side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this “ban time” the exploit is not delivered to that IP again, which is another burden for incident handling.

Other existing toolkits have also been enhanced with PDF exploits lately. For example we spotted the “El Fiesta” toolkit to have also added exploits for the Portable Document Format.
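The "ban time" behaviour quoted above leaves a trace in web proxy logs: the same URL answers with a PDF once and with something else afterwards. The sketch below is an added example, not code from Secure Computing or from this post. It assumes a simple space-separated proxy log format, a single shared egress IP, a 24-hour window (the actual ban time is not given) and constructed sample lines.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines (not from the article):
# time, internal client, URL, status, content type, bytes.
# Assumption: all clients leave through one egress IP, so the server sees one address.
SAMPLE_LOG = """\
2008-09-24T09:01:10 10.0.0.21 http://kit.example/doc.pdf 200 application/pdf 48213
2008-09-24T09:07:42 10.0.0.35 http://kit.example/doc.pdf 200 text/html 312
2008-09-24T09:30:05 10.0.0.99 http://kit.example/doc.pdf 404 text/html 0
2008-09-24T09:02:00 10.0.0.21 http://intranet.example/report.pdf 200 application/pdf 90110
2008-09-24T09:40:00 10.0.0.35 http://intranet.example/report.pdf 200 application/pdf 90110
"""

def parse(log):
    """Yield (time, client, url, status, content_type, size) per log line."""
    for line in log.splitlines():
        ts, client, url, status, ctype, size = line.split()
        yield datetime.fromisoformat(ts), client, url, int(status), ctype, int(size)

def serve_once_urls(log, window=timedelta(hours=24)):
    """Return {url: [clients that received the PDF]} for URLs whose response
    stopped matching the first PDF response on later requests inside the window."""
    by_url = defaultdict(list)
    for rec in sorted(parse(log)):          # chronological order
        by_url[rec[2]].append(rec)
    flagged = {}
    for url, recs in by_url.items():
        pdf_hits = [r for r in recs if r[3] == 200 and r[4] == "application/pdf"]
        if not pdf_hits:
            continue
        first = pdf_hits[0]
        later = [r for r in recs if first[0] < r[0] <= first[0] + window]
        # Same URL, same egress IP, different answer: status, type or size changed.
        if any((r[3], r[4], r[5]) != (first[3], first[4], first[5]) for r in later):
            flagged[url] = sorted({r[1] for r in pdf_hits})
    return flagged

if __name__ == "__main__":
    for url, clients in serve_once_urls(SAMPLE_LOG).items():
        print(url, "-> triage first:", ", ".join(clients))
```

The clients listed for a flagged URL are the ones that actually received the PDF and should be triaged first. A legitimately updated document can also trip this heuristic, so a hit is a lead for review, not a verdict.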

[ SEE: Flash attack may as well have been zero-day ]

Unpatched third-party desktop applications are a big, big part of the malware epidemic on the Windows platform. As we learned during that Adobe Flash attack earlier this year, end users are very slow to apply these patches, giving the bad guys a huge opening for targeted, localized malware attacks.

I can’t recommend Secunia’s PSI (personal software inspector) highly enough. Please patch now.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


  • Most Recent of 3 Talkback(s)
Unfortunately, the US Government Disagrees
Imagine the Anti-Trust issues if Microsoft had the ability to patch multiple vendor's products in the monthly patch cycle! Remember the setting of kill-bits is only a courtesy for the vendor and customers according to Microsoft.... (Read the rest)
Posted by: TelcoChuck Posted on: 09/25/08
