Attack Riddles Adobe Reader

[SameOldStory]

Interesting.

New Zero-Day Attack Riddles Adobe Reader

"Adobe software is everywhere. It's even more ubiquitous than Windows, and perhaps even more vulnerable to hacker schemes. "

"In an advisory posted on its website Wednesday, Adobe said essentially all versions of its Acrobat and Reader programs running on Windows, Macintosh and Unix-based machines have been exposed to a "critical vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system."

I have a couple of unexpected crashes. Make me wonder.

"The dangerous code is being unleashed via PDF files that users are enticed to open by a phishing email offering courses from David Leadbetter, a world-renowned golf instructor. When the PDF file is opened, it downloads a hidden program that attacks the user's system."

I should be safe. IF that is the only one out there.

"While Microsoft (Nasdaq: MSFT) -- which is known for its "Patch Tuesday" regimen of issuing security fixes -- gets much more press about security issues, Adobe actually may be the victim of more attacks, Abrams suggested."

[khalleron]

Never open attachments from people you don't know, or from people you *do* know unless you're expecting them to send you something.

[Boston]

Speaking of not opening suspicious attachments and pdf files.

"Here You Have" virus hit today..many corporations today.

If you receive a message with this heading, do not open! Even if from someone you know. (Like many email viruses it will be sent from someone you know or has you in their address book).

The emails with the subject "Here You Have" contain a link that encourages readers to click on a PDF document file. But rather than a PDF, the file contains a Windows script that transmits a virus and spams the entire contact list of the person who opened the file.

A bit off-topic, but thought I would mention it.

[arcadata]

So is it good news that I only open all my emails on my iTouch now? I've noticed that I never read my emails on my laptop anymore.

[mr ploppy]

Foxit is better for PDF anyway.

[Penforhire]

Not so Adobe-centric, just the vector of the day. Never open files from stangers, especially if they have SCR extension type, lol. Not that Adobe is blameless but every sophisticated OS or program has vulnerabilities.

[abigsmurf]

Doesn't matter if you open a suspicious file or not. All you have to do is go to a web page with a malicious PDF embedded in it (or the adverts). The player will automatically try to open it and the malware will install itself. Doesn't matter if you're running Firefox or IE either.

[DMcCunney]

Adobe appears to be aware of it, if this is what is referred to:
http://www.adobe.com/support/securit...apsa10-02.html

I couldn't find anything relating to the specific threat mentioned on Adobe's site. Nor could I find any on security vendor Secunia's list, or in the Gibson Research security forums at grc.com.

You can see the current list of Adobe security advisories here:
http://www.adobe.com/support/security/

I'm always a bit cynical when an announcement like this stems from a company that sells software designed to protect you from such things.

I use Acrobat Reader here and haven't had problems. One thing I do do is set the Reader to open as a separate process, instead of installing as a plugin in the browser. This stems from problems a while back where Adobe Reader loaded in the browser as a plugin remained resident in memory even after you had closed the PDF and exited the browser.

To do so, open Adobe Reader, select Edit/Preferences, and under Internet, uncheck Display PDF in browser

It forces the Reader to launch as a separate process that does go away when you exit it.

Adobe embeds a version of JavaScript in the Reader. You can turn that off by selecting JavaScript in Edit/Preferences and unchecking Enable Acrobat JavaScript

Adobe Reader here is set to check for updates, so when Adobe issues a fix I'll get it automatically.

Meanwhile, as others have mentioned, never open email attachments unless you know what they are and who they are from. They are a favorite method of delivering malicious content. I use a GMail account as my primary email, so attachments all stay on Google's servers, and never actually reach my machine unless I choose to download them. They get scanned by my A/V software if I do.
______
Dennis

[SameOldStory]

Quote:

Originally Posted by abigsmurf

Doesn't matter if you open a suspicious file or not. All you have to do is go to a web page with a malicious PDF embedded in it (or the adverts). The player will automatically try to open it and the malware will install itself. Doesn't matter if you're running Firefox or IE either.

I had a really tough virus a couple of years ago while looking for some product information. The antivirus program I used at the time said that it caught it. It took about 3 or 4 hours to clean it up.

My wife thinks that you get a virus from porn sites. I had an anti-virus program on her computer but for whatever reason it was turned off. One day she's pounding on her keyboard yelling that I had to get her a new computer, hers was too slow. Needless to say, I couldn't connect to, or download from, any anti-virus web sites. I downloaded one from my computer to a USB drive and installed it on her computer. It found more than 350 pieces of spyware, malware, and viruses.

I now use the free version of Avast. It'll give you a pop-up when it detects a web page that tries to sneak something nasty into your computer.

[DMcCunney]

Quote:

Originally Posted by SameOldStory

My wife thinks that you get a virus from porn sites.

They aren't all virus ridden, but a number do host exploits of one sort or another. The most common attack vector is a claim you need a special codec to watch a video on the site. Download and install the codec, and you are pwned.

Quote:

I had an anti-virus program on her computer but for whatever reason it was turned off. One day she's pounding on her keyboard yelling that I had to get her a new computer, hers was too slow. Needless to say, I couldn't connect to, or download from, any anti-virus web sites. I downloaded one from my computer to a USB drive and installed it on her computer. It found more than 350 pieces of spyware, malware, and viruses.

I presume she now leaves the A/V software turned on?

Quote:

I now use the free version of Avast. It'll give you a pop-up when it detects a web page that tries to sneak something nasty into your computer.

I use Symantec Corporate, courtesy of an employer site license. There are an assortment of capable A/V products out there. You simply have to use one.

I treat viruses and malware like diseases. Diseases enter a system though a vector, and the simplest way to avoid problems is to ward the vectors. I have some simple rules of thumb when using Windows:

1. Don't use Internet Explorer as your web browser. Just don't. Most spyware/malware targets IE, and bounces off if you use something else.

2. Keep Windows fully patched. Turn on auto-update to get critical security patches automatically, and apply them.

3. Turn off Windows default behavior of "Hide known file type extensions". In Windows Explorer, click Tools/Options. Click the View tab. Uncheck the "Hide extensions for known file types" box. Attackers use this to disguise malicious content. If it's turned on, you don't know that email attachment labelled "cute kitten picture.jpg" is really "cute kitten picture.jpg.exe, and clicking on it executes the program.

4. Run a good A/V software package, and keep the virus signatures updated.

And on that line, viruses and spyware/malware are different kinds of threats. Do not assume protection software intended for one also protects against the other.

5. Run a firewall. There are an assortment of free firewall packages available for home users. If nothing else, make sure Windows Firewall is turned on. It does a decent job of stopping unauthorized outside access to your machine. Where it falls down is controlling outbound access from your machine.

6. Don't open attachments in email unless you are certain of where they are from and who sent them. (See #3 above for one reason why.)

7. Only download from known good sites that scan files on their end before making them available for DL.

8. Remember that the Internet is like a big city. It has bad neighborhoods you don't want to be in. Be aware of where you are and what you're doing.

9. See Rule 1.
______
Dennis

[SameOldStory]

I stopped using Norton a long time ago. Too much got by it. May be better today, but I'm no longer interested in it.

My favorite anti-virus software used to be McAfee. Until someone wrote a virus that turned it off. This was before it required a password to turn it off. That was a long time ago. Don't know if they still do that.

"1. Don't use Internet Explorer as your web browser. Just don't. Most spyware/malware targets IE, and bounces if it you use something else."

I think that most viruses get tested on the major anti-virus and web browsers before they get released. The win because so few people update their software, whatever it may be. I had a virus onetime because I was using an old version of Java.

Live and learn.

[DMcCunney]

Quote:

Originally Posted by SameOldStory

I stopped using Norton a long time ago. Too much got by it. May be better today, but I'm no longer interested in it.

I use Symantec Corporate. Same parent company, but vastly different product. I wouldn't touch Norton's consumer version with a stick.

Quote:

My favorite anti-virus software used to be McAfee. Until someone wrote a virus that turned it off. This was before it required a password to turn it off. That was a long time ago. Don't know if they still do that.

I haven't looked in some time. Intel bought McAfee last month for $7.68B, so I expect changes.

See http://techcrunch.com/2010/08/19/int...llion-in-cash/

Quote:

"1. Don't use Internet Explorer as your web browser. Just don't. Most spyware/malware targets IE, and bounces if it you use something else."

I think that most viruses get tested on the major anti-virus and web browsers before they get released. The win because so few people update their software, whatever it may be. I had a virus onetime because I was using an old version of Java.

IE is most targeted because it supports Active X controls. The way they are supposed to work is what happens when you visit MS Windows Update site in IE. A box pops up telling you the website wants to install software, asks permissions and offers to show you a digital certificate proving that the software is what it says it is and comes from the site it says it does. When you agree, the control downloads and executes in the context of your browser. The Active-X control is what scans your PC to see what Windows Updates you need.

Bad guys found ways to exploit security holes in Windows and IE to do "drive by installs" of rogue Active-X controls, that did not show any signs it was happening. You could get infected by visiting a compromised web site, and never know what happened till your machine started showing symptoms.

Firefox got a lot of early users because it was more secure than IE. A good deal of that was simply not supporting Active-X controls as a security measure. (You can get an add-on that will let you run Active-X controls in Firefox, but it's a "not recommended, and you better know what you're doing!" exercise.)

Google Chrome, Opera, and Safari also don't support Active-X, and are safer alternatives than IE. IE7 was supposed to be the big security push, and it's safer than IE6, but I still wouldn't call it secure.

My preference is Firefox, with the NoScript add-on that blocks scripting activity unless the site is in a whitelist.

Quote:

Live and learn.

I wish more people did learn.
_______
Dennis

[SameOldStory]

Google Chrome version 6.0.472.55

Don't bet too much money on it being safer. Avast popped up to say that it had detected something while I was using Chrome Monday or Tuesday. I don't get it often enough not to care what it is, I just close out the tab.

Is that a weekness of Chrome? Probably not, just Avast saying that something is there and I shopuld go away.


As I said, the people that write the virus will write it, AND test it, against anything that's popular. With so many people absolutely, and insanely, hating MS Windows most of the viruses will be aimed there.

Not that I'm paranoid, but I occasionally turn off "System Restore", and switch to "Safe Mode" before updating my anti-virus software. Then I'll scan in safe mode. Restart the computer and scan again. I'll do this if things seem strange. Mayby once a year in Windows XP, but only once in Windows 7.

[DMcCunney]

Quote:

Originally Posted by SameOldStory

Google Chrome version 6.0.472.55

Google Chrome us up to 7.0.517.0. You might wish to upgrade.

Quote:

Don't bet too much money on it being safer. Avast popped up to say that it had detected something while I was using Chrome Monday or Tuesday. I don't get it often enough not to care what it is, I just close out the tab.

Re-read what I wrote about what makes Chrome, Firefox, Opera and Safari safer. They are safer than IE because they don't support Active-X controls.

Those aren't the only threats out there, and a safe browser is only one component of a layered defense.

Quote:

Is that a weekness of Chrome? Probably not, just Avast saying that something is there and I shopuld go away.

Agreed. Browsers by nature go to web sites and display content. There's a limit to how much they can protect you from what you find there.

Quote:

As I said, the people that write the virus will write it, AND test it, against anything that's popular. With so many people absolutely, and insanely, hating MS Windows most of the viruses will be aimed there.

It's not hatred, it's opportunity. Virus and malware have shifted in recent years. Earlier writers of such things were out for recognition in their community of 733t HaXXors. Current ones are more directly criminal, and in it for the money.

Microsoft Windows has the overwhelming share of the market, so it's where the overwhelming share of threats are directed.

And bear in mind that viruses and spyware/malware are different kinds of threats. A/V software probably won't stop spyware/malware, and vice versa.

Quote:

Not that I'm paranoid, but I occasionally turn off "System Restore", and switch to "Safe Mode" before updating my anti-virus software. Then I'll scan in safe mode. Restart the computer and scan again. I'll do this if things seem strange. Mayby once a year in Windows XP, but only once in Windows 7.

I never do that. I've been on line in one form or another since the MS-DOS days and dial-up modems. The last virus that bit was a Word Macro virus on a floppy from my then boss, which was more a nuisance than anything else.

The last attempt at spyware/malware was a browser hijack attempt spawned by an auto-execute routine when opening a RAR file. It, too, was trivial to block.

I believe it's simpler to not get infected than to clean up the mess once you have been. Since I've had no significant problems in several decades, I think I'm on the right track in terms of security.
______
Dennis

[SameOldStory]

"The last virus that bit was a Word Macro virus on a floppy from my then boss,"

Interestingly the company I work for actually puts, what is basically, a browser hijacker on our laptops. I can get rid of it, but every time we log on to the company's network it gets added back on to the laptop. What does it do? It makes our home page the companies main trashy web site.

We're limited to what we can install on the laptops so the best way to get around it is with Google Chrome on a USB drive. But that's a nuisance so I just gave up.