Feeds

Adobe exploit bears fingerprints of hack on Google

New in-the-wild attacks unearthed

Choosing a cloud hosting partner with confidence

Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said.

The booby-trapped PDF files are attached to emails that request interviews and offer expert commentary on matters involving North Korea and China, according to Symantec's Karthik Selvaraj. They began circulating as early as September 1 and contain similarities to emails that contained the Hydraq trojan that was used to penetrate Google, Adobe Systems and at least 32 other companies. Parallels include wording in the email, multiple variants of the PDF, and the same geographic region of one of the people responsible.

“If the above emails look familiar, it is because their style is very similar to the emails used in Hydraq (Aurora) attacks,” Selvaraj wrote here. “In addition, the use of a zero-day within a PDF, and how the executable is dropped on the system, all match the Hydraq method of operation. Furthermore, we have seen a large number of detections of unique versions of the PDF – not yet seen elsewhere in the wild – coming from a single computer in Shandong Province of China, which is how far back investigators were able to trace the Hydraq attacks.”

Adobe disclosed the zero-day vulnerability last week and warned that it was being actively exploited on the internet to attack users of its Reader application. In addition to bypassing protections built in to more recent versions of Microsoft Windows, the sophisticated exploit also used a stolen digital certificate belonging to Missouri-based Vantage Credit Union, evidently in an attempt to allay suspicions of prospective victims.

Adobe's security team has yet to say when it expects to release a patch. In the meantime, users who don't want to use an alternate PDF application can employ Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, to block attacks. The tool, which was updated earlier this month, will insulate a Reader module that's targeted in the exploit, Adobe said.

Microsoft provides instructions and screenshots here. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.