Network News

X My Profile
View More Activity

Hackers exploit Adobe Reader flaw via comic strip syndicate

Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned.

On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist software on unsuspecting users who visit a hacked or booby-trapped Web site.

Albany, N.Y.-based Hearst publication Timesunion.com now reports that on Thursday readers of its comics section began complaining of being prompted to download malicious software. In an update posted to its site, Timesunion.com said the attack took advantage of the recently disclosed Adobe flaw. The news outlet said it had traced the attack back to a problem at King Features, which serves comics on its Web site, and that King Features had since corrected the problem.

Rose Croke, brand development manager for King Features, said the malicious code was somehow injected into the company's Web server that handles content for its Comics Kingdom clients. Croke said the Comics Kingdom content is syndicated by roughly 50 different news sites, including Timesunion.com.

"We're working on finding the source of the injection," Croke said.

Adobe said it does not plan to issue a software update to fix the flaw until Jan. 12, 2010.

Adobe says turning off Javascript in Adobe Reader and Acrobat should help mitigate the threat from this vulnerability (instructions on how to do that are available here).

Alternatively, Internet users may want to consider uninstalling Adobe Reader in favor of another free PDF reader program, such as Foxit Reader.

By Brian Krebs  |  December 18, 2009; 3:45 PM ET
Categories:  Latest Warnings , Safety Tips , Web Fraud 2.0  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Twitter.com hijacked by 'Iranian cyber army'
Next: Farewell 2009, and The Washington Post

Comments

Jan 12? While it's presence is acknowledged in the wild at an 'average consumer' type of site?

Nice 'Rapid Response'....

Posted by: JkR- | December 18, 2009 4:21 PM | Report abuse

Brian, at this time another thanks for recommending Foxit Reader, which I have been using for quite a while now, based on a previous column of yours.

Happy holidays and new year to you !

Posted by: observer31 | December 19, 2009 10:22 AM | Report abuse

After using both Windows and Linux (Debian & Fedora), I tried Apple. Apple is really, really weird! Maybe I'll get used to it? I prefer Debian, but I am slowly starting to really like Fedora. I suggest using some flavor of Linux, it comes with literally thousands of programs and is (especially compared to past years) so easy to set up, a Cave man could do it! I have had few instances of problem viruses, with Windows, but none with Linux.

Posted by: wallasongs | December 19, 2009 12:37 PM | Report abuse

It's that "johnny-on-the-spot" response to serious security threats that has caused me to vanquish Adobe Acrobat Reader from my personal computers in favor of Foxit Reader. My guess is that Adobe acutally wants people to stop using Acrobat - that's why they take so long to plug the leaks!

Posted by: kadenmor | December 21, 2009 2:07 PM | Report abuse

While Foxit Reader's free, the rest of it's PDF tool suite is pricey. I suggest the $20 suite of PDF creation tools from PDF 995: http://www.pdf995.com/

Posted by: jake3_14 | December 23, 2009 12:13 AM | Report abuse

Anyone else get this trash today ??? Forwarded it to washington.field@ic.fbi.gov
-------------------------------------------The link is Probably a virus download.
-------------------------------------------

Danny
reply-to dannyboy@hotmail.com
to brucerealtor@gmail.com
date Wed, Dec 23, 2009 at 8:43 PM
subject RE: Breaking up with you

hide details 8:43 PM (53 minutes ago)

wow, you really just broke up with me over email?? Guess you forgot about all the videos I have of us doing sh.t?? I just made a nice mix of all the freaky sh.t we've done and im putting it up for download for the world to see. Oh, and if you think im bluffing, check it out right here. http://sharecash.org/download.php?file=219156 .

oh, i sent this email to your parents too.... i bet theyll be happy to see how much of a w.ore you are! peace out .

Posted by: brucerealtor@gmail.com | December 23, 2009 9:40 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company