Botnets are exploiting an Adobe PDF vulnerability, using PDF documents that abuse the "Launch" design flaw to spread malware onto computers.
The virus infects the computer when the user opens an email with the attached PDF file. Once the computer is infected, it sends sensitive information to the malware creators somewhere in China.
A spokesperson for Websense, the security firm that detected the hacking, warned people against opening an email attachment with the name Royal_Mail_Delivery_Notice.pdf.
Dan Hubbard, CTO of Websense said, "When recipients open the PDF, it asks to save the file. The user falsely assumes that the file is just a PDF, and, therefore, safe to store on the local computer. The file, however, is really a virus. The malicious PDF launches the dropped file, taking control of the computer. It was discovered that the latest anti-viruses have an 80% chance of mistaking the file as a harmless one."
Zeus is the first major malware to exploit the PDF format's /Launch feature. The flaw is not a security vulnerability but a by-design function of the program. Belgian researcher Didier Stevens had earlier shown how a multistage attack could exploit /Launch.
Users can protect their computers by disabling JavaScript or the launch feature within Adobe Reader. Both Reader and Acrobat display a warning when an executable inside a PDF file is launched.
A demo video of this attack can be viewed here
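Defenders can also triage PDF attachments for the /Launch and JavaScript features before they reach a reader. The following is an added example, not part of the original article: it counts the relevant PDF name tokens, including ones spelled with `#xx` hex escapes, and the `verdict` policy, the extra names and the sample fragments are assumptions constructed for illustration.

```python
import re

# Names to flag. /Launch and /JavaScript (/JS) are the features the article
# names; /OpenAction and /EmbeddedFile are added here as an assumption.
SUSPICIOUS = ("Launch", "JavaScript", "JS", "OpenAction", "EmbeddedFile")

# A PDF name is "/" plus regular characters; "#xx" inside it is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /L#61unch is read as /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count flagged names in raw PDF bytes. Names inside compressed
    streams are not visible to this scan."""
    counts = {name: 0 for name in SUSPICIOUS}
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                obfuscated.add(name)  # escaped spelling of a flagged name
    return {"counts": counts, "obfuscated": sorted(obfuscated)}

def verdict(report: dict) -> str:
    """Hypothetical mail-gateway policy (an assumption, not from the article)."""
    counts = report["counts"]
    if counts["Launch"]:
        return "block"
    if counts["JavaScript"] or counts["JS"] or report["obfuscated"]:
        return "review"
    return "allow"

# Constructed fragments, not complete or working PDF files.
SAMPLE_LAUNCH = b"%PDF-1.4\n3 0 obj\n<< /Type /Action /S /L#61unch /F (placeholder) >>\nendobj\n"
SAMPLE_JS = b"%PDF-1.4\n3 0 obj\n<< /S /JavaScript /JS (placeholder) >>\nendobj\n"
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("launch", SAMPLE_LAUNCH), ("js", SAMPLE_JS), ("clean", SAMPLE_CLEAN)):
        report = scan_pdf(sample)
        print(label, verdict(report), report)
```

A name that appears only inside a compressed stream is missed by this scan, so a clean result here is a triage signal rather than proof that the file is safe.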