Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 24th, 2008

New PDF Exploits Toolkit Targets Windows Users With Unpatched Adobe Reader

A discovery by Secure Computing’s anti-malware research labs shows that a new exploit pack exclusively targets PDF vulnerabilities, exposing Windows users to malicious hacker attacks. The Portable Document Format (PDF) is one of the most commonly used file formats today, since it is widely deployed across different operating systems. On the downside, the format has many known vulnerabilities that are exploited in the wild.

The toolkit targets only PDFs; no other exploits are used to leverage vulnerabilities. Typical functions, such as caching already infected users, are deployed by this toolkit on the server side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this time the exploit is not delivered to that IP again, which is another burden for incident handling.

Other existing toolkits have also been enhanced with PDF exploits lately. For example, the “El Fiesta” toolkit has also added exploits for the Portable Document Format. End users are usually very slow to apply software patches, giving the bad guys a huge opening for targeted, localized malware attacks.

Malware spreaders have had this kind of exploit in their arsenal of malicious weapons for some time already. The “Tibs” group of malware, for example, is known for planting malicious IFRAMEs onto infected legitimate web sites and having them refer back to their exploit servers. Dissecting the shellcode shows that the payload of the exploits tries to load more malware, and the different number per exploit appears to be a kind of affiliation ID used to keep statistics and track the different malware campaigns.
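For site owners who want to check their own pages for the kind of planted IFRAME described above, here is a small audit script, added as an example and not taken from Secure Computing’s research. The heuristics (an off-site host combined with a 0/1-pixel size or a hiding inline style), the function names and the `.example` hosts in the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Inline styles that hide an element from the visitor (assumed heuristic).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    # True for width/height values of 0 or 1 pixel, e.g. "0", "1", "1px".
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    """Collects iframes that point off-site and are hidden from the visitor."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lowercases tag names
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        if host is None or host == self.site_host:
            return                   # same-site frame: out of scope here
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if reasons:                  # visible third-party embeds are not flagged
            self.findings.append((host, reasons))

def audit(page_url, html):
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; all hosts use the reserved .example TLD.
SAMPLE = """<html><body><h1>News</h1>
<iframe src="/widgets/poll.html" width="300" height="200"></iframe>
<iframe src="http://video.partner.example/embed/1" width="640" height="360"></iframe>
<iframe src="http://stats.unknown.example/c" width="1" height="1"></iframe>
<IFRAME SRC="//cdn.unknown.example/x" style="visibility: hidden"></IFRAME>
</body></html>"""
```

Calling `audit("http://www.site.example/index.html", SAMPLE)` reports only the two hidden off-site frames. A finding is a prompt to review the page source and its change history, not proof of compromise.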

Users can use Secunia’s PSI (Personal Software Inspector) to find older software versions. The discovery of this toolkit should be a very good reason to patch Adobe Reader.
