Time to step up your Acrobat Reader patching. Attacks are on the rise.

If you haven’t applied the latest Acrobat Reader patch from two weeks ago, it might be time to step up the pace. This blog post from F-Secure shows that PDF has become the format of choice for targeted attacks. Within the security community, it’s being nicknamed the Penetration Document Format.

The reason: we’re now seeing the vulnerability (CVE-2010-0188) being exploited in targeted attacks (Microsoft is seeing this as well).

Our sample was submitted by a European financial organization and the file name includes a reference to the G20. The exploit drops a downloader and attempts to make a connection to We detect this attack as Exploit:W32/PDFExploit.G. (source: F-Secure)

If patches/upgrades are not possible, think about using the usual workarounds, such as disabling JavaScript or installing an alternative client.

PDFs can easily be used for info-stealing purposes in ways that evade AV, HIDS, etc. The victim doesn’t even need admin privileges. Have a look at this explanation from security expert Didier Stevens on how such an attack is performed. Didier has written numerous analyses of PDF malware in the past and is a known researcher in this field.
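For triage while patches roll out, the following added example (not from the original post or from the researchers it cites) counts the name tokens that mark embedded JavaScript and auto-run actions in a PDF, undoing `#xx` name escapes first. The token list and both sample files are constructed for illustration.

```python
import re

# Name tokens that warrant a closer look before a PDF is opened (assumed list).
RISKY_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA",
               b"/Launch", b"/EmbeddedFile", b"/ObjStm")
ACTIVE = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from "/" up to whitespace or a delimiter character.
_NAME = re.compile(rb"/[^\s\x00()<>\[\]{}/%]+")


def normalise_name(raw: bytes) -> bytes:
    """Undo #xx escapes inside a name, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in the raw bytes of a PDF file."""
    counts = {name.decode(): 0 for name in RISKY_NAMES}
    for match in _NAME.finditer(data):
        name = normalise_name(match.group(0))
        if name in RISKY_NAMES:
            counts[name.decode()] += 1
    return counts


def needs_review(counts: dict) -> bool:
    """True when the file carries script, auto-run or launch actions."""
    return any(counts[key] for key in ACTIVE)


# Constructed samples: a plain catalog, and one with an auto-run script action
# whose /JavaScript name is hidden behind a hex escape.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SUSPECT = (b"%PDF-1.4\n1 0 obj\n"
           b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        result = triage_pdf(sample)
        print(label, needs_review(result), {k: v for k, v in result.items() if v})
```

Names inside compressed object streams are not visible to a raw byte scan, which is why `/ObjStm` is counted as a hint that a file needs unpacking before it can be cleared.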

On a small side note, Didier is going to give a malware analysis workshop at the BruCON conference. This is the occasion to learn some PDF malware analysis techniques from him!!


*** This is a Security Bloggers Network syndicated blog from Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills authored by Security4all. Read the original post at: