Adobe Reader vuln hit with unusually advanced attack

With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack. The PDF file uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into 38 bytes, a tiny size …

COMMENTS

This topic is closed for new posts.
  1. Martin Smith 2

    Another software updater

    Instead of every company making their own software updater can't we just have a unified system for this built into Windows?

    1. Nick Stallman
      Happy

      Or use one of the many systems already available

      Or use one of the many systems already available?

      As far as I can tell, various breeds of Linux have had unified installers and updaters for quite some time now. :p

      The Windows way with .exe installers and 20 different taskbar updating programs makes me flinch now.

    2. Inachu
      Flame

      PIPE DREAM!

      But it would be nice!

      Just think if your wish came true.

      A. Install shield.... even though we configure it to stop alerting us and never update, it still puts an update icon on the systray and it really pisses me off, and once in a blue moon JAVA forgets that I also never want it to communicate back home.

      Some of you programmers think you are so sneaky to bypass my firewall.

      Trying to bypass my firewall no matter how honest you try to feel means you should be removed from your company and put onto the bread and cheese lines.

      Grrrrrrrr!!!!!!!!!!

  2. Anonymous Coward

    I have a great idea!

    Let's get a company with a stellar security record (NOT!) to install an auto-updater on every desktop in the company and push updates to every machine individually.

    Yeah right!

    It's bad enough that Firefox does this, but at least they have the good grace to write "updates" that are relatively small (2MB on a good day). Adobe "updates" at 10 times that size.

    Unless they release an "intranet update server", I'm going to have to start looking at only allowing Adobe Reader through Citrix.

  3. MadonnaC
    FAIL

    Automatic updater

    for people who forget to update will become available when those same people have updated their software.

    Anyone else see a flaw in this logic?

  4. Richard Porter
    FAIL

    PDF is no longer portable

    PDF is now so bloated that it has ceased to be portable. Adobe is only interested in selling upgrades, not maintaining compatibility across all platforms. On those platforms not supported directly by Adobe it is difficult for the developers to keep up with the changes. It doesn't help when organisations like gov.uk insist on using the latest version.

    PDF should be kept plain and simple. If it didn't have all the bells and whistles it wouldn't be so vulnerable to exploitation.

    1. leonardr

      PDF is an ISO standard

      PDF was turned over to the ISO (International Organization for Standardization) almost three years ago now and so any advances are approved by committee. If you have an opinion of the direction for PDF - then JOIN THE COMMITTEE! It's free to join - just contact your country's standard body (eg. AIIM, BSI, DIN, etc.).

      This is why Adobe turned PDF over - so that the world could drive its future...

  5. gollux
    Grenade

    Keep up the good work?

    The ever ubiquitous wanna' be a web2.0rrhea webpage running hijax enabled javascript - Adobe Acrobat bringing a new exploit to you...

  6. Forget It
    Coat

    FoxIt is an alternative on windows

    http://www.foxitsoftware.com/pdf/reader/

    1. Basil Fernie
      Linux

      ... but doesn't it also execute the bad stuff?

      I use it, I like it - but as an Adobe Reader workalike, doesn't it have much the same security holes?

  7. heyrick Silver badge
    FAIL

    Adobe updater

    I'd like to update. The updater, some 30-odd Mb downloads, runs, then asks for some file that doesn't exist. It won't go any further. Why the hell can't these updaters be entirely self-contained? For this, and for all the crap now present in PDFs, I award Adobe EPIC FAIL status.

  8. Anonymous Coward
    WTF?

    Can we please have the names

    of the idiot who decided a document (especially one that calls itself portable) should be enabled to contain executable components, together with the idiots who approved this? This proves they did not learn a thing from more than a decade of macro virus pain inflicted on us because Microsoft thought it is cool to allow a document to interact with your OS.

    What a document reader should do is :

    a. open the document file

    b. read bytes

    c. format and display the info on screen or send it to the printing device

    and this should be true for any document format on any OS on any planet. For ever!

  9. Glen 9
    Unhappy

    The title is required, and must contain letters and/or digits.

    I'm more worried about that Adobe AIR that's needed for the iPlayer [well to download the shows anyway].

    1. Anonymous Coward

      Air needed?

      Try looking for ipdl.exe

      You don't even need working flash.

    2. Keith Oldham
      Happy

      get_iplayer

      Google it !

  10. Neal 5

    Good article

    As many of the comments already show, the finger of blame is again being firmly pointed in entirely the wrong direction.

    Whilst many of the comments are good value for an entirely different reason, the true fact remains that Adobe is being wrongly blamed, as with MS, they are actually the victims, although not entirely innocent.

    If this was a DD RTA, how many comments would there be of the nature, well no one should get in the way of a drunk driving a car?

  11. Glen 9
    FAIL

    The title is required, and must contain letters and/or digits.

    I also agree with all those complaining about another auto updater. Ask nicely and get the patches pushed through Windows Update.

    There's nothing worse than playing a multiplayer game or streaming media from the internet and Apple's auto updater stealing all of my small but precious bandwidth. Then there's the ridiculous size of the patches from Adobe. Are they actually patches or are they giving us a "fixed" version of the entire program again?

    Then there's the problem that the people who aren't keeping their programs up to date anyway aren't going to download the auto-updater because they will either not know about it, not care or think that because everything seems to be working fine, there's no need.

    That said, everyone could just switch to Silverlight [which will never happen since Google owns YouTube] and get the updates via Windows Update. At least Microsoft take security seriously. And why isn't Adobe being pissed on by the EU from being a monopoly with 95% of the market while IE only has around 70% [give or take 10% because I can't remember right]?

  12. amanfromMars 1 Silver badge

    The Lone Ranger ...... is No Stranger

    ..... AIdDaring Trojan with the Speed of Light, the Cloud for Trust and a Hearty Invisible Core... Hi, Yo, Bro, This Way.

    * ...."“They can download and then give them the choice to install it, or it can just notify – or you can turn it off completely. And so, by giving users these options, you know, people who have a well managed environment and they’ve got good reason for why they don’t want to install an update, Arkin said in a Q&A posted to Threatpost.com." .... http://blogs.zdnet.com/security/?p=5178

    And Adobe also would then know, by "clients" subsequent actions with regard to installation or not, who would vulnerable or more into either exploiting or more interestingly, because it can be so much more lucrative, creating vulnerabilities, for it sounds like a novel hacker tracker, in the first instance, and an experimental crack coder sniffer, in the second instance, Kemo Sabe.

    * .... If you believe that your every electronic move is observable, and when a Personable Being of Interest or Seclusive Odd Bod or whatever other Virtual Persona One may have Groomed or be Phorming for a Reality in Existence, [and then would it be an Artificial Creation with IntelAIgents for Virtual Reality ProgramMING in Live Operational Virtual Environment**] , your every electronic move, monitored ..... and then that also Ideally Provides the Sublime Facility and an Astute Capability for ProActive Mentoring in AIRemote ControlLed Power System.

    [**Welcome to the Wonderful Wacky World of NIRobotIQs and NEUKlearer HyperRadioProActive IT, where Worlds are NThralled with Candidates and Master Pilots in Post Modern Turing Manchurianism ...... for the SMARTer Virtual Terrain Team Field AIgent ........ within ITs Spooky CyberIntelAIgent Security Beings and Commanding Theatre Control Offices. And which, although Freely Available for Supply to All, will only be of Particular and Peculiar Interest to a Choice Few into the Genre]

  13. Anonymous Coward
    FAIL

    Christ-on An -ATAT

    It's a fucking document viewer, you know, like notepad, only posher.

    SO WHY is it so effin big a download!!!!

    Adobe has lost the plot completely and the sooner people ditch their god awful software the better. I was a staunch Acrobat user till a few years ago when I noticed this *massive* increase in bloatware.

    I use sumatra PDF, free, small, bloat free. And of course, foxit, another free reader.

    1. Elmer Phud
      IT Angle

      Bells and whistles

      Well, M$ know that everyone wants/needs shite graphics, sounds, pretty fonts and all the rest or any document is somehow not as valid, not as real as the ones with all the bells and whistles.

      Adobe is just another facet of the salesman's wet dream for the upper echelons.

      As amanfromMars1 points out the public love it and get what they deserve as Adobe feeds out bigger and bigger updates for the great unwashed and unprepared. There is also the continuous interference from 'those who only look at presentations' to inflict something grand and wonderful to get noticed in order to get their contract renewed the next year.

      The big bosses have the desktops that their staff can only have vague dreams about and are glad to be presented with Digital Disneyland every time while in the real world the people get hassled about productivity as yet another bloody Adobe update takes over their machine and most of the bandwidth for ages at a time.

      I use Foxit, I can't be arsed with Adobe's updaters wanting to connect all the time and cram my hard drive full of crap I don't need.

  14. Anonymous Coward
    FAIL

    Adobe reader updates

    Since the last version of Adobe Acrobat Reader, the check and download update feature won't work through a proxy server, i.e. on an office network. And according to Adobe, it's not something they are going to fix.

    So whereas before I had the option of going to each workstation running the check update and selecting which updates to install, I now have to download and configure the distributable version, and then go to each workstation......

    1. Anonymous Coward

      That news makes me think...

      that AMFM was right. This is the surveillance society and we are letting it happen; of course, our governments feign ignorance of any kind of technology so that they cannot be held accountable.

      Feigning ignorance is a specialty of most/all governments and the spectacular way that these governments FAIL at IT makes issues like this all the more believable.

  15. Anonymous Coward
    Gates Halo

    For the Admins

    I could swear that the past couple of times I've had to update Adobe Reader, I was able to do it with an MSI/MSP provided by Adobe, and sent to the client machines via group policy. The process does seem to be becoming increasingly painful though.

  16. Anonymous Coward

    egg-hunting shellcode ?

    "With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack"

    The vulnerability is in the underlying memory management unit, not a document reader ..

    "The PDF file uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into 38 bytes, a tiny size that's designed to thwart anti-virus detection .."

    So the malware uses obfuscation and downloads itself in chunks and of course the AV software doesn't work ...

  17. kissingthecarpet
    Linux

    Sumatra

    I use sumatra ( http://blog.kowalczyk.info/software/sumatrapdf/download.html )

    It's pretty small (1188 kB) so hasn't got a lot of the Adobe functionality, but that's the point, innit?
