Critical Level Zero-day Attack Found, Affects All Versions of Adobe Acrobat and Adobe Reader
Adobe and others have warned against a critical-level security flaw affecting all recent versions of Adobe Acrobat and Adobe Reader for all platforms including Windows, Mac OS X and Linux.
The attack is known as a zero-day attack because it takes advantage of computer vulnerabilities that do not currently have a solution, making it even more dangerous. In this case, all versions of Acrobat and Reader are vulnerable. Attackers are going after the vulnerability by sending infected .pdf e-mail attachments to various users.
Adobe engineers will not be able to come up with a patch until March 11 for Acrobat Reader 9 and Acrobat 9, with earlier versions to follow.
We highly recommend that users of Mac OS X use the Preview application to view their PDF files. We’ve included a brief how-to on this at the end of the post.
Symantec employee Patrick Fitzgerald stated that the people behind these PDFs “are using targeted attacks against high-ranking people within different organizations - for example, locating the CEO’s email address on the company website and sending a malicious PDF in the hope that their malicious payload will run.”
Symantec also said that “once the machine is compromised, the attackers may gain access to sensitive corporate documents that could be costly for companies breached by this threat.”
The vulnerability is caused by an error in parsing particular structures within the PDF format. Once the document is open, the trigger is pulled.
Users are urged to keep their antivirus definitions up to date and open PDF attachments ONLY from trusted sources.
The malicious PDFs using the exploit are detected as Trojan.Pidief.E as per the latest virus definitions. The malicious payload, a popular open-source toolkit originating from China known as GH0ST, is detected as Backdoor.Trojan.
The GH0ST backdoor is modular, meaning that attackers can use it to view the desktop, record keystrokes or remotely access the compromised machine.
Mac OS X Users:
To set Preview as the default application for handling PDFs, do the following:
1) Select any PDF on your desktop
2) Right-click the PDF and select Get Info (or press ⌘ + i )
3) Select Preview under the Open with drop-down
4) Click “Change All…” to apply the setting to all PDFs