Feeds

Adobe exploit bears fingerprints of hack on Google

New in-the-wild attacks unearthed

Choosing a cloud hosting partner with confidence

Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said.

The booby-trapped PDF files are attached to emails that request interviews and offer expert commentary on matters involving North Korea and China, according to Symantec's Karthik Selvaraj. They began circulating as early as September 1 and contain similarities to emails that contained the Hydraq trojan that was used to penetrate Google, Adobe Systems and at least 32 other companies. Parallels include wording in the email, multiple variants of the PDF, and the same geographic region of one of the people responsible.

“If the above emails look familiar, it is because their style is very similar to the emails used in Hydraq (Aurora) attacks,” Selvaraj wrote here. “In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation. Furthermore, we have seen a large number of detections of unique versions of the PDF – not yet seen elsewhere in the wild – coming from a single computer in Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks.”

Adobe disclosed the zero-day vulnerability last week and warned that it was being actively exploited on the internet to attack users of its Reader application. In addition to bypassing protections built in to more recent versions of Microsoft Windows, the sophisticated exploit also used a stolen digital certificate belonging to Missouri-based Vantage Credit Union, evidently in an attempt to allay suspicions of prospective victims.

Adobe's security team has yet to say when it expects to release a patch. In the meantime, users who don't want to use an alternate PDF application can employ Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, to block attacks. The tool, which was updated earlier this month, will insulate a Reader module that's targeted in the exploit, Adobe said.

Microsoft provides instructions and screenshots here. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.