Feeds

Adobe exploit bears fingerprints of hack on Google

New in-the-wild attacks unearthed

Secure remote control for conventional and virtual desktops

Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said.

The booby-trapped PDF files are attached to emails that request interviews and offer expert commentary on matters involving North Korea and China, according to Symantec's Karthik Selvaraj. They began circulating as early as September 1 and contain similarities to emails that contained the Hydraq trojan that was used to penetrate Google, Adobe Systems and at least 32 other companies. Parallels include wording in the email, multiple variants of the PDF, and the same geographic region of one of the people responsible.

“If the above emails look familiar, it is because their style is very similar to the emails used in Hydraq (Aurora) attacks,” Selvaraj wrote here. “In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation. Furthermore, we have seen a large number of detections of unique versions of the PDF – not yet seen elsewhere in the wild – coming from a single computer in Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks.”

Adobe disclosed the zero-day vulnerability last week and warned that it was being actively exploited on the internet to attack users of its Reader application. In addition to bypassing protections built in to more recent versions of Microsoft Windows, the sophisticated exploit also used a stolen digital certificate belonging to Missouri-based Vantage Credit Union, evidently in an attempt to allay suspicions of prospective victims.

Adobe's security team has yet to say when it expects to release a patch. In the meantime, users who don't want to use an alternate PDF application can employ Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, to block attacks. The tool, which was updated earlier this month, will insulate a Reader module that's targeted in the exploit, Adobe said.

Microsoft provides instructions and screenshots here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.