charlie476
Member
- Messages
- 104
- Location
- Houston, texas
http://www.adobe.com/support/securit...apsa10-01.html
I believe they have fixed the problems with the current readers
reader 9.3.3
flash player 10.1 but please use with caution
They dont even have to download anything on your pc to be at risk. The embedded banners can record straight from there. To my knowledge virus protectors dont pick that up if its not downloaded on your pc
Malware and Key Loggers are being hid in PDF files and they are also embedding coding in banners on popular websites that they are targeting. If you have a website open that has it embedded and you have a 2nd browser open say your logging into your email. The browser with the corrupt banner is recorded EVERYTHING !! Then everything becomes hell from there. I was attacked this past Thursday morning. I have a bad habit about having multi browsers open. I'm really sure I know one of 2 sites it came from but I will not list for simple sake someone on here might click and then hell will begin for them to. They hacked my account to get my virtual goods off the game I play world of warcraft. I do feel they were really only targeting people that play that game. However they changed not only my game password but my email and facebook. Since then Ive deleted anything related to any of those accounts. But wanted to forwarn anyone that old adobe versions puts you at a MAJOR risk please update.
The U.S Computer Emergency Readiness Team (US CERT) is recommending that users turn off Flash in their Web browsers due to critical vulnerabilities in Flash Player and Adobe Reader, which have already paved the way for hackers to launch malicious attacks on users' computers.
Adobe issued a security advisory recently warning users of an actively exploited zero-day flaw, found in versions 9 and 10 of Adobe Flash Player, triggered by bugs in Adobe Reader and Adobe Acrobat 9.1.2. The vulnerability affects Windows, Mac and Linux platforms.
As with most exploits, the flaw opens the door for attackers to install a malicious Flash Player file embedded in PDF documents, which could be used to crash a user's system or allow an attacker to execute information-stealing code on unsuspecting users' computers.
The attack is executed when hackers entice a user to visit a malicious Web site—typically through some social engineering scheme—or by sending an infected PDF file via e-mail. Once opened, the malicious PDF files, detected as Trojan.Pidief.G, automatically installs the information-stealing malware on users' computers.
Meanwhile, Adobe researchers say that they have already started to see what they call "limited targeted attacks" launched on Adobe Reader version 9 for Windows, which caused the company to rank the vulnerability as "critical." However, security experts anticipate more attacks will follow.
Symantec Security researcher Patrick Fitzgerald said in a blog post that this Flash Player attack was particularly dangerous due to the ubiquitous nature of Flash. Unlike other vulnerabilities that are confined to a particular browser or operating system, Flash can span multiple platforms, allowing attacks exploiting related vulnerabilities to be distributed widely.
"Flash exists in all popular browsers and is also available in PDF documents. It is also largely operating-system-independent; therefore the threat posed by this issue is not to be taken lightly," Fitzgerald said. "The large user base of Flash presents attackers with a huge target audience and will certainly be too much for them to resist."
Meanwhile, researchers at the SANS Institute said in a blog post that the malware exploiting the Flash vulnerability has been found to evade antivirus programs, noting that the exploit still works "even when JavaScript support is disabled in Adobe Reader."
"Regarding Flash, NoScript [Firefox extension that allows JavaScript to be executed only by trusted Web sites] is your best help here, of course," said SANS researcher Bojan Zdrnja, in a blog post.
Zdrnja said that the vulnerability has already paved the way for a low number of "drive-by" attacks, in which attackers infuse a legitimate Web site with malicious code or lure users to a malicious Web site of their own creation. Attacks have been launched on both Internet Explorer and Firefox Web browsers, Zdrnja said.
Adobe said in its advisory that it has been in contact with several security and antivirus vendors and plans to repair the flaw in Flash Player by July 30 and in Adobe Reader and Acrobat by July 31.
Until a fix is created and deployed, the U.S. CERT recommends that users work around the security bug by disabling Flash in Adobe Reader 9 on Windows and either disabling Flash Player or selectively enabling Flash content.
Security experts also recommend that users avoid opening PDF attachments from unfamiliar or untrusted sources, while keeping antivirus software up-to-date.
I believe they have fixed the problems with the current readers
reader 9.3.3
flash player 10.1 but please use with caution
They dont even have to download anything on your pc to be at risk. The embedded banners can record straight from there. To my knowledge virus protectors dont pick that up if its not downloaded on your pc
Malware and Key Loggers are being hid in PDF files and they are also embedding coding in banners on popular websites that they are targeting. If you have a website open that has it embedded and you have a 2nd browser open say your logging into your email. The browser with the corrupt banner is recorded EVERYTHING !! Then everything becomes hell from there. I was attacked this past Thursday morning. I have a bad habit about having multi browsers open. I'm really sure I know one of 2 sites it came from but I will not list for simple sake someone on here might click and then hell will begin for them to. They hacked my account to get my virtual goods off the game I play world of warcraft. I do feel they were really only targeting people that play that game. However they changed not only my game password but my email and facebook. Since then Ive deleted anything related to any of those accounts. But wanted to forwarn anyone that old adobe versions puts you at a MAJOR risk please update.
The U.S Computer Emergency Readiness Team (US CERT) is recommending that users turn off Flash in their Web browsers due to critical vulnerabilities in Flash Player and Adobe Reader, which have already paved the way for hackers to launch malicious attacks on users' computers.
Adobe issued a security advisory recently warning users of an actively exploited zero-day flaw, found in versions 9 and 10 of Adobe Flash Player, triggered by bugs in Adobe Reader and Adobe Acrobat 9.1.2. The vulnerability affects Windows, Mac and Linux platforms.
As with most exploits, the flaw opens the door for attackers to install a malicious Flash Player file embedded in PDF documents, which could be used to crash a user's system or allow an attacker to execute information-stealing code on unsuspecting users' computers.
The attack is executed when hackers entice a user to visit a malicious Web site—typically through some social engineering scheme—or by sending an infected PDF file via e-mail. Once opened, the malicious PDF files, detected as Trojan.Pidief.G, automatically installs the information-stealing malware on users' computers.
Meanwhile, Adobe researchers say that they have already started to see what they call "limited targeted attacks" launched on Adobe Reader version 9 for Windows, which caused the company to rank the vulnerability as "critical." However, security experts anticipate more attacks will follow.
Symantec Security researcher Patrick Fitzgerald said in a blog post that this Flash Player attack was particularly dangerous due to the ubiquitous nature of Flash. Unlike other vulnerabilities that are confined to a particular browser or operating system, Flash can span multiple platforms, allowing attacks exploiting related vulnerabilities to be distributed widely.
"Flash exists in all popular browsers and is also available in PDF documents. It is also largely operating-system-independent; therefore the threat posed by this issue is not to be taken lightly," Fitzgerald said. "The large user base of Flash presents attackers with a huge target audience and will certainly be too much for them to resist."
Meanwhile, researchers at the SANS Institute said in a blog post that the malware exploiting the Flash vulnerability has been found to evade antivirus programs, noting that the exploit still works "even when JavaScript support is disabled in Adobe Reader."
"Regarding Flash, NoScript [Firefox extension that allows JavaScript to be executed only by trusted Web sites] is your best help here, of course," said SANS researcher Bojan Zdrnja, in a blog post.
Zdrnja said that the vulnerability has already paved the way for a low number of "drive-by" attacks, in which attackers infuse a legitimate Web site with malicious code or lure users to a malicious Web site of their own creation. Attacks have been launched on both Internet Explorer and Firefox Web browsers, Zdrnja said.
Adobe said in its advisory that it has been in contact with several security and antivirus vendors and plans to repair the flaw in Flash Player by July 30 and in Adobe Reader and Acrobat by July 31.
Until a fix is created and deployed, the U.S. CERT recommends that users work around the security bug by disabling Flash in Adobe Reader 9 on Windows and either disabling Flash Player or selectively enabling Flash content.
Security experts also recommend that users avoid opening PDF attachments from unfamiliar or untrusted sources, while keeping antivirus software up-to-date.
