Microsoft finally admits fault for PDF attacks
by Stan Beer   
Saturday, 27 October 2007
There we were thinking that Adobe was at fault because its Acrobat Reader had a vulnerability that exposed users to bad PDF files filled with malware sent in spam, when all along it was yet another vulnerability in Microsoft Windows. Microsoft has belatedly admitted that it's to blame and is working on a fix, but for many it may be too late, as spam with dodgy PDF files is hitting mailboxes by the tens of thousands.

Researchers say the new exploit is particularly dangerous because PDF files, the attack vector, are not filtered at email gateways the way .exe files are.

Microsoft security response team member Bill Sisk issued a warning via the Microsoft Response Centre Blog yesterday admitting that applying a security update from Adobe does not fix the vulnerability and Microsoft is working feverishly to patch the flaw.

"Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected.  However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector," wrote Sisk.

"As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues."

According to Finnish security company F-Secure, an unknown party has been sending out tens of thousands of mails with subject lines like: Your credit report; Personal Financial Statement; Your Credit File; and Balance Report.

The mails contain no mail body, only an attachment called "report.pdf". When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and downloads further malware from a server in Malaysia. The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity, F-Secure writes on its site.

"We're worried about this case, as PDF attachments are typically not filtered at email gateways", says F-Secure's Chief Research Officer Mikko Hypponen. "Executable files are now stripped almost everywhere, but PDF is stripped almost nowhere".

"Also, a security update for Acrobat Reader was just made available a few days ago, so there are tons of users who haven't had a chance to update yet".


As always, advisors say the best way to protect yourself is not to open dodgy emails. Could another way possibly be to migrate from Windows to something else - say Linux?
