Researchers discover PDF exploit packs

PDF exploit kit circulating on InternetIf you still need a reason to patch that installation of Adobe Reader, pay close attention to this discovery by Secure Computing’s anti-malware research labs.

The group has stumbled upon an exploit pack that exclusively targets PDF vulnerabilities, exposing millions of Windows desktops to malicious hacker attacks.

Secure Computing warns:

This new toolkit targets only PDFs, no other exploits are used to leverage vulnerabilities. Typical functions like caching the already infected users are deployed by this toolkit on the sever-side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this “ban time” the exploit is not delivered to that IP again, which is another burden for incident handling.

Other existing toolkits have also been enhanced with PDF exploits lately. For example we spotted the “El Fiesta” toolkit to have also added exploits for the Portable Document Format.

[ SEE: Flash attack may as well have been zero-day ]

Unpatched third-party desktop applications are a big, big part of the malware epidemic on the Windows platform. As we learned during that Adobe Flash attack earlier this year, end users are very slow to apply these patches, giving the bad guys a huge opening for targeted, localized malware attacks.

I can’t recommend Secunia’s PSI (personal software inspector) highly enough. Please patch now.

[Source: zdnet]