We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers continue to exploit Adobe Reader flaw

Sample attack missed by most antiviruses

Hackers are once again using the zero-day hole in Adobe Reader and Acrobat to install a remote-control Trojan on victim machines.

The attacks start with a malicious .pdf that the Internet Storm Center has analysed in depth. The ISC is a volunteer organisation that tracks internet attacks.

"Malicious PDF documents are not rare these days," said an ISC spokesperson, adding that attacks typically attach them to emails. But targeted attacks only sent to a small number of victims are often missed by security programs, and the attack sample sent to the ISC was initially detected by only six out of 40 antivirus vendors.

This particular attack attempts to install the PoisonIvy Trojan, which allows an attacker to gain remote control over an infected PC.

It also drops off a harmless .pdf file named baby.pdf and then opens it with Reader, a bit of digital sleight-of-hand intended to disguise the attack.

Adobe criticised

The Adobe flaw has been under attack since it was disclosed last month.

In its security bulletin, Adobe notes that for some combinations of Windows and Reader versions, this security hole will only allow for crashing Reader instead of installing malware.

In the bulletin, Adobe says it will release an update on January 12, but until then the ISC suggests disabling Javascript in Reader and Acrobat (instructions in the bulletin).

Using an alternate .pdf reader such as Foxit should also help mitigate the threat.

Broadband speed test

PC security advice

See also: Adobe to surpass Office as biggest hacker target

IDG UK Sites

OnePlus One release date, price, specs UK: No invite needed any longer

IDG UK Sites

15 analogue facts that today's kids won't understand: winding tapes, Ceefax and more

IDG UK Sites

Disney's felt-based 3D printer creates soft toys and other squishy things

IDG UK Sites

WWDC 2015: What Apple will launch at WWDC 2015: Apple TV, Macs, more & how to get WWDC tickets