sjb007

Attackers are exploiting one of the vulnerabilities in Adobe Reader that was patched earlier this week, a security researcher warned as he urged users to update as soon as possible.

According to Bojan Zdrnja, an analyst at the SANS Institute's Internet Storm Center (ISC), malicious PDF files are circulating that infect systems by exploiting one of the eight bugs Adobe patched last Tuesday.

"This is not surprising, though, as a fully working [proof-of-concept] has been recently published," said Zdrnja in an alert posted to the ISC site early Friday. "But it's interesting to see that the attackers modified the proof-of-concept a little bit, probably in order to evade anti-virus detection."

Shortly before Adobe patched the older Reader 8.1.2, Core Security Technologies, a security company that had reported the bug to Adobe in May, published sample attack code as part of its own advisory about the danger posed by rogue PDF files.

The malicious PDFs examined by Zdrnja contained a variation of the Core Security code. "Parts of the publicly-posted proof-of-concept are visible, but the attackers also modified certain parts," he said. "This was probably enough to fool the [anti-virus] vendors."

In fact, that was the result, Zdrnja argued. As of 11 a.m. EST (4pm GMT), no anti-virus company had yet released a detection signature that could finger the malformed PDF files.

Full article here - http://www.techworld.com/news/index....&NewsID=106859