|
 |
|
Shop
You are here: News > News > Abuse of Adobe Reader vulnerabilities captured
| » IT Security NEWS |
| » 17 April 2010 |
| Abuse of Adobe Reader vulnerabilities captured |
News broadcasts by known anti-virus software manufacturers show that there are online thugs who tried to abuse the security vulnerabilities in the Adobe Reader that was discovered two weeks prior. And, in this it was found out that some hackers tried to gain access into Windows-operated computers with the use of the holes in Adobe Reader.
Conventional way of tricking users is still widespread
One of the malicious and harmful software detected was the ZeuS bot. The tactic of the online crooks involves sending of e-mails, with the executable file attached to it, to susceptible users.
The vulnerability in the Adobe Reader is actually found in its function, Launch Actions or Launch File. This permits the activation of any malicious codes or the executable files (EXE) that are incorporated in different PDF files.
Different methods are used to deceive
A dialogue box might appear that will inquire for a permission to execute a given file. However, this may also be created in a way that the individual will not notice that the file has already entered and infecting the whole computer system. In response to this, one of the security firms, Sophos, illustrated the process by which a user is being convinced into clicking the Ok button.
According to a report made by M86Security, there is a trick behind a PDF file which possesses the ZeuS bot. Infection may occur once the file is opened since another PDF will appear and this next file holds the harmful and malicious software. It is possibly designed this way in order to hide the malware from being easily detected by the anti-virus software installed within a computer system.
Dangerous events might occur without prior notice
In addition, Foxit allows the file to be instantly saved once the dialogue box appears and it happens without notifying the user. Today’s edition of Foxit allows a pop up of a dialogue as it attempts activating the bot. In the previous versions, however, it activates the file immediately without informing the user about it.
The company has not yet released until now its evaluation for the vulnerability of the function of the Reader. Adobe believes that this feature is very much important and that it can only create problems in a system once it is used in a non-beneficial way.
Do-it-yourself procedures are the true life-savers
So as to prevent any damage, users should open only the PDF files that are released by legitimate distributors. And, in order not to be tricked by this malicious tactic, users may also disable the option “Allow opening non-PDF file attachments with external applications”, which is found in the Preference or Trust Manager option.
For more information, visit the following given SecPoint links: About SecPoint, SecPoint Products, and SecPoint News. |
 |
 |
Awards & Reviews | |||||
|
||||||
|
|
Subscribe to our Mailing List |
|
|
|
|
Customer References | |
|
||
