Zero-day Attack in the Wild for Adobe Flash, Reader, and Acrobat

We have confirmed the attacks that exploit the vulnerability (CVE-2010-1297) that Adobe announced on its security advisory are in the wild.

 

The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX. Adobe has categorized this as 'critical', which is the highest level in its severity rating.

 

Attacks can take place in various situations; a few are listed below:

 

Receiving an email with a malicious PDF attachment.

Receiving an email with a link to the malicious PDF file or a website with the malicious SWF embedded in malicious HTML code.

Stumbling across a malicious PDF or SWF file when surfing the web.

 

We have confirmed that the attack involves Trojan.Pidief.J, which is a PDF file that drops a back door Trojan onto the compromised computer if an affected product is already installed. We have also come across an attack using a malicious SWF file (detected as Trojan Horse) in conjunction with an HTML file (detected as Downloader) to download another malware (detected as Backdoor.Trojan) from the web. (We may update these three detection names once our analysis is complete).

 

The attacks seem limited at this point. However, other cyber criminals may jump on the bandwagon to take advantage of the vulnerability in (continue reading...)