Hackers target unpatched Adobe Reader, Acrobat flaw

Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.

The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader.

Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit.

At the moment, there is no patch available for this flaw, and Adobe's brief advisory offers little in the way of mitigation advice.

However, Internet users can protect themselves from this attack in a couple of ways. First, this exploit doesn't work unless users have Javascript enabled in Adobe Acrobat/Reader. To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript."
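
Because the exploit needs JavaScript enabled in the reader, PDFs that carry JavaScript are the ones worth a closer look. The Python example below is added here (it is not from the article or from Adobe): it flags files whose raw bytes contain JavaScript or auto-run action keys, including hex-escaped spellings of those keys. The sample fragments are constructed, and a clean result proves nothing when the file uses compressed object streams, which this scan cannot see into.

```python
import re
import sys

# Standard PDF dictionary keys worth flagging during triage.
SUSPECT_NAMES = ("JS", "JavaScript", "OpenAction", "AA")

# A PDF name is "/" followed by non-delimiter, non-whitespace bytes.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample fragments (not real documents).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /#4AS (var x = 1;) >>\nendobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript reads as JavaScript."""
    plain = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count suspect name keys found in the raw bytes of one PDF."""
    counts = {name: 0 for name in SUSPECT_NAMES}
    hidden = False
    for match in _NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
        elif name == "ObjStm":
            hidden = True  # compressed objects are invisible to this scan
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "counts": counts,
        "has_javascript": bool(counts["JS"] or counts["JavaScript"]),
        "may_hide_objects": hidden,
    }


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_pdf(fh.read()))
```

Run it with one or more PDF paths as arguments; a raw byte scan can also match names inside strings or streams, so treat hits as a prompt for closer inspection, not a verdict.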

As an alternative to Adobe, I generally recommend the free and lightweight Foxit Reader. But there are other free PDF readers, including Sumatra PDF and PDF-XChange Viewer.

By Brian Krebs | December 15, 2009; 12:04 AM ET
Categories: Latest Warnings, Safety Tips

Comments

Brian,
Thanks for another timely article.

It seems to me that as Acrobat Reader has acquired more bells and whistles it has become less secure. Maybe Adobe needs to change its focus for the reader.

Frank
Cybercrime Fighter
www.guidemarksecurity.com

Posted by: fchaffin | December 15, 2009 9:04 AM

I haven’t used Adobe Reader in years because of the bloat involved with that application. In fact, that bloat has really made me dislike Adobe in general. For people who only want to read, print and maybe fill and print out a form, the program is huge. I have never heard of anyone using Reader for its voice features. With the myriad of security problems, you think Adobe would address these issues instead of putting out another gigantic patch.

Now, if only there was a ninja-like challenger to PhotoShop I could rid myself of Adobe for good.

Posted by: ummhuh1 | December 15, 2009 12:34 PM

Not to belabour a point, but OS X doesn't need any Adobe cruft. The system's Preview does more than a satisfactory job, thank you. And as for a ninja replacement for Photoshop: GIMP. And it's real ninja too - nothing is where you're used to it being. But it works.

Posted by: Rixstep | December 15, 2009 2:30 PM

We've received a report that the free Foxit install is a nightmare.

'The free viewer is an installation land mine. Not only does it want to install a toolbar and redirect your home/search page (as usual) but warns you that it will disable several features from the viewer if you refuse the toolbar. Just when you think you're done with the installation, you have to uncheck a few more boxes about adding eBay stuff. It's quite easy to miss these things if you're sloppy and in a hurry.'

Posted by: Rixstep | December 15, 2009 2:39 PM

Thanks again, Brian, and Happy Holidays.

Posted by: JBV1 | December 15, 2009 4:57 PM

An annoyance has appeared in recent versions of Foxit Reader. If you install or even open it as an administrator, from then on it asks for a password every time you open it regardless of what kind of account you're using. Otherwise I like it. Unfortunately TurboTax doesn't recognize it.

Posted by: b_100666 | December 16, 2009 8:56 AM


It was funny - just the other day I was talking with some people I know who run Windows without any AV software at all. They have all of the excuses - it is a hassle, expensive, rip-off, etc. They claim to not surf porn or open attachments.

I asked them if they were aware that pdf documents could become infected. So far, silence.

I am leaning more towards Linux/Mac as the way out of this maze. Our little netbook with Ubuntu Linux has a viewer of some sort - I don't know which one, actually.

Now to be fair, AV software wouldn't have caught this - at least not yet. I suppose in principle they will update their definitions, and eventually it would catch it.

Posted by: jackrussell252521 | December 16, 2009 9:16 AM

@ rixstep: I've been using Foxit for a couple years now and I have to say it works like a charm for me. I seem to recall having to untick a couple things during the install, but the program's features seem in no way diminished.

I believe there's a paid version with all the bells and whistles, but the free version does exactly what I need it to do - with the exception of allowing pdfs to be viewed in a browser via a plugin. A minor annoyance, considering the fact that the program works and it's not Adobe.

Posted by: timmdrumm | December 16, 2009 1:05 PM

Foxit is no roll in the hay. See this review. http://bit.ly/4WEx9V

Posted by: Rixstep | December 16, 2009 1:19 PM

Foxit used to be straightforward, small and unbloatish. They seem to be following Adobe's footsteps with each release, adding features (bloat), as well as the slimy stuff in the installer. To avoid the installer stuff, get the zip file that contains just the Foxit Reader executable. No install, just copy it out of the zip to where you want it, make your own shortcuts and set up your own file associations. More work involved, but you don't have to deal with the installer and you maintain more control. To get the zip, go to http://www.foxitsoftware.com/downloads/index.php, scroll down, across from Foxit Reader x.x.x (exe), click "More Download", scroll down a bit and click the link for the zip. They used to make the zip more easily accessible. Guess they prefer you use the installer! :(

What's with these software companies? The more junk they add to the free reader and its installer, the more of us are going to look elsewhere for not only the free software, but the companion paid products!

Posted by: xAdmin | December 16, 2009 3:00 PM

Brian,
can the 'proper' use of Mozilla Firefox's add-on, NoScript, eliminate or minimize the potential threat you reference, given the fact that Javascript is disabled until the user decides to activate it? If you believe there is a safe and reasonable way to use this add-on to eliminate or minimize the potential threat, please kindly relate any such information. Thank you for the valuable service you provide.

Posted by: JohnLBrown | December 16, 2009 11:14 PM

After checking out the link from Rixstep, I have to say the installer that blogger writes about is nothing like the one I encountered with Foxit. Perhaps because I've been using it for a while, my installation was one of the "unbloated" earlier versions. No matter - it works for me, and I'm happy with it. Hope you find something that works for you! Merry Christmas to all...

Posted by: timmdrumm | December 18, 2009 11:27 AM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company