New PDF Exploits Toolkit Targets Windows Users With Unpatched Adobe Reader
Discovery by Secure Computing’s anti-malware research labs shows that a new exploit pack exclusively targets PDF vulnerabilities, exposing Windows users to malicious hacker attacks. The Portable Document Format (PDF) is one of the most commonly used file formats today, since it is widely deployed across different operating systems. On the downside, this format has many known vulnerabilities which are exploited in the wild.
The toolkit targets only PDFs; no other exploits are used to leverage vulnerabilities. Typical functions like caching the already infected users are deployed by this toolkit on the server side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this time the exploit is not delivered to that IP again, which is another burden for incident handling, since a second request from the same address will not reproduce the attack.
Other existing toolkits have also been enhanced with PDF exploits lately. For example, the “El Fiesta” toolkit has also added exploits for the Portable Document Format. End users are usually very slow to apply software patches, giving the bad guys a huge opening for targeted, localized malware attacks.
Malware spreaders have had this kind of exploit in their arsenal for some time already. The “Tibs” group of malware, for example, is known for planting malicious IFRAMEs onto infected legitimate web sites and having them refer back to their exploit servers. Dissecting the shellcode shows that the payload of the exploits tries to load more malware, and the different number per exploit appears to be a kind of affiliate ID used to keep statistics and track their different malware campaigns.
Users can use Secunia’s PSI (Personal Software Inspector) to find outdated software versions. The discovery of this toolkit should be a very good reason to patch Adobe Reader.