Re: New report from Sophos<---DANGER



Virus spreading via PDF
Virus writers have created an exploit for an unpatched vulnerability in
Adobe Flash Player, Acrobat and Acrobat Reader. The vulnerability exists in
these applications on all platforms: Windows, OS X, Linux and Solaris.

The vulnerable products are:

a. Adobe Reader 9.1.2 and earlier 9.x versions
b. Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x
   versions

You can read the alert from Adobe at:
http://www.adobe.com/support/security/advisories/apsa09-03.html

The exploit runs with the privileges of the current user. The known virus is
delivered as a PDF file which could be attached to an email or posted on a
web page.

OIT has seen an instance of an infected computer sending email with .PDF
attachments. The emails had a message saying the attachment was an e-card or
an invoice for a recent purchase. Usual warnings apply: if you weren't
expecting an email with an attachment, don't open the PDF attachment. If you
don't know the sender, don't open the PDF attachment.

The malicious PDF contains Flash content. In the Windows environment, if the
malicious PDF is opened with an Adobe product, it will exploit the
vulnerability via the Flash Player .dll called authplay.dll. On a Windows
system, it is apparently possible to disable the connection between Acrobat
and Flash by renaming that .dll and one in the same directory called
rt3d.dll. This is the only workaround at this time. There are alternate PDF
viewers that would not be vulnerable.

According to malware analysts, the exploit will work on Windows 9x, NT, 2K,
XP, Vista, Server 2000 and Server 2003.

Adobe is working on a patch and says it will be ready for all platforms, but
Solaris, on 7/30/09. So until then, use caution when opening that PDF. If
you receive a PDF that crashes Acrobat, I'd like to know.

OIT Security

"~BD~" <BoaterDave@xxxxxxxxxxxxxxxxxxx> wrote in message
news:fbudnew3_ImrYRXWnZ2dnUVZ8kCdnZ2d@xxxxxxxxx
https://secure.sophos.com/sophos/docs/eng/papers/sophos-security-threat-report-jan-2010-wpna.pdf
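
An inventory check built from the advisory above, added here as an example and not part of the original post or of Adobe's guidance: it tests a version string against the listed ranges and reports whether authplay.dll or rt3d.dll still sit under a Reader install directory. The function names and the `install_root` argument are assumptions; the post gives no install path, so the caller supplies one.

```python
import os
import re

# Inclusive version ceilings exactly as listed in the advisory text above.
LISTED_MAX = {
    ("reader", 9): (9, 1, 2),
    ("flash", 9): (9, 0, 159, 0),
    ("flash", 10): (10, 0, 22, 87),
}
WORKAROUND_DLLS = ("authplay.dll", "rt3d.dll")  # file names from the advisory


def parse_version(text):
    """Turn '10.0.22.87' or '10,0,22,87' into a tuple of ints."""
    parts = re.split(r"[.,]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def listed_as_vulnerable(product, version_text):
    """True if the advisory's stated ranges cover this product version."""
    version = parse_version(version_text)
    ceiling = LISTED_MAX.get((product, version[0]))
    if ceiling is None:
        return False  # major version line not named in the advisory text
    width = max(len(version), len(ceiling))
    pad = lambda v: v + (0,) * (width - len(v))  # 9.1 compares as 9.1.0
    return pad(version) <= pad(ceiling)


def dlls_still_in_place(install_root):
    """Paths under install_root where either DLL keeps its original name."""
    return sorted(
        os.path.join(dirpath, name)
        for dirpath, _dirs, files in os.walk(install_root)
        for name in files
        if name.lower() in WORKAROUND_DLLS
    )


def audit_reader(version_text, install_root):
    """Combine the version check with the renamed-DLL workaround check."""
    present = dlls_still_in_place(install_root)
    listed = listed_as_vulnerable("reader", version_text)
    # Either DLL left under its original name counts as workaround not applied.
    return {"listed": listed, "dlls_present": present,
            "exposed": listed and bool(present)}
```

Call `audit_reader("9.1.2", path_to_reader_install)` per machine; a result with `exposed` set to `True` means the version is in the listed range and at least one of the two DLLs has not been renamed.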
