Adobe Reader is world's most-exploited app
Posted: Fri Mar 26, 2010 1:18 am
http://www.theregister.co.uk/2010/03/09 ... r_attacks/
It's official: Adobe Reader is world's most-exploited app
The new Microsoft
By Dan Goodin in San Francisco
Posted in Malware, 9th March 2010 20:33 GMT
Free whitepaper – Taking control of your data demons: Dealing with unstructured content
Adobe's ubiquitous Reader application has replaced Microsoft Word as the program that's most often targeted in malware campaigns, according to figures compiled by F-Secure.
Files based on Reader were exploited in almost 49 per cent of the targeted attacks of 2009, compared with about 39 per cent that took aim at Microsoft Word. By comparison, in 2008, Acrobat was targeted in almost 29 per cent of attacks and Word was exploited by almost 35 per cent.
"Why has it changed?" F-Secure asks here (http://www.f-secure.com/weblog/archives/00001676.html). "Primarily because there has been more vulnerabilities in Adobe Acrobat/Reader than in the Microsoft Office applications."
Underscoring the surge of Reader attacks, online thugs recently unleashed a new malware campaign that exploits vulnerabilities patched three weeks ago in the widely-used program. The attacks target financial institutions with a PDF file with a name that refers to the so-called Group of 20 most influential economic powers. F-Secure and Microsoft have additional details here (http://www.f-secure.com/weblog/archives/00001903.html) and here (http://blogs.technet.com/mmpc/archive/2 ... -wild.aspx).
When victims click on the file with unpatched versions of Reader, the file installs a backdoor that causes their system to connect to a server at tiantian.ninth.biz.
Other applications included in Microsoft Office also experienced sharp declines in exploitation. PowerPoint attacks dropped from almost 17 per cent in 2008 to less than five per cent last year. Excel fell from about 17 per cent to less than eight per cent. ®
Related stories
Researcher spies new Adobe code execution bug (18 February 2010)
http://www.theregister.co.uk/2010/02/18 ... oad_peril/
Dear Adobe: It's time for security rehab (5 February 2010)
http://www.theregister.co.uk/2010/02/05 ... _proposal/
Adobe fixes critical Shockwave bugs with neanderthal patch (20 January 2010)
http://www.theregister.co.uk/2010/01/20 ... wave_bugs/
Poisoned PDF pill used to attack US military contractors (18 January 2010)
http://www.theregister.co.uk/2010/01/18 ... espionage/
Critical Adobe updates overshadow MS Patch Tuesday (13 January 2010)
http://www.theregister.co.uk/2010/01/13 ... h_tuesday/
Adobe Reader vuln hit with unusually advanced attack (4 January 2010)
http://www.theregister.co.uk/2010/01/04 ... er_attack/
Adobe: critical Acrobat flaw fix 4 weeks away (17 December 2009)
http://www.theregister.co.uk/2009/12/17 ... _pdf_flaw/
Attacks spread malware with help from AppleInsider (16 December 2009)
http://www.theregister.co.uk/2009/12/16 ... v_attacks/
It's official: Adobe Reader is world's most-exploited app
The new Microsoft
By Dan Goodin in San Francisco
Posted in Malware, 9th March 2010 20:33 GMT
Free whitepaper – Taking control of your data demons: Dealing with unstructured content
Adobe's ubiquitous Reader application has replaced Microsoft Word as the program that's most often targeted in malware campaigns, according to figures compiled by F-Secure.
Files based on Reader were exploited in almost 49 per cent of the targeted attacks of 2009, compared with about 39 per cent that took aim at Microsoft Word. By comparison, in 2008, Acrobat was targeted in almost 29 per cent of attacks and Word was exploited by almost 35 per cent.
"Why has it changed?" F-Secure asks here (http://www.f-secure.com/weblog/archives/00001676.html). "Primarily because there has been more vulnerabilities in Adobe Acrobat/Reader than in the Microsoft Office applications."
Underscoring the surge of Reader attacks, online thugs recently unleashed a new malware campaign that exploits vulnerabilities patched three weeks ago in the widely-used program. The attacks target financial institutions with a PDF file with a name that refers to the so-called Group of 20 most influential economic powers. F-Secure and Microsoft have additional details here (http://www.f-secure.com/weblog/archives/00001903.html) and here (http://blogs.technet.com/mmpc/archive/2 ... -wild.aspx).
When victims click on the file with unpatched versions of Reader, the file installs a backdoor that causes their system to connect to a server at tiantian.ninth.biz.
Other applications included in Microsoft Office also experienced sharp declines in exploitation. PowerPoint attacks dropped from almost 17 per cent in 2008 to less than five per cent last year. Excel fell from about 17 per cent to less than eight per cent. ®
Related stories
Researcher spies new Adobe code execution bug (18 February 2010)
http://www.theregister.co.uk/2010/02/18 ... oad_peril/
Dear Adobe: It's time for security rehab (5 February 2010)
http://www.theregister.co.uk/2010/02/05 ... _proposal/
Adobe fixes critical Shockwave bugs with neanderthal patch (20 January 2010)
http://www.theregister.co.uk/2010/01/20 ... wave_bugs/
Poisoned PDF pill used to attack US military contractors (18 January 2010)
http://www.theregister.co.uk/2010/01/18 ... espionage/
Critical Adobe updates overshadow MS Patch Tuesday (13 January 2010)
http://www.theregister.co.uk/2010/01/13 ... h_tuesday/
Adobe Reader vuln hit with unusually advanced attack (4 January 2010)
http://www.theregister.co.uk/2010/01/04 ... er_attack/
Adobe: critical Acrobat flaw fix 4 weeks away (17 December 2009)
http://www.theregister.co.uk/2009/12/17 ... _pdf_flaw/
Attacks spread malware with help from AppleInsider (16 December 2009)
http://www.theregister.co.uk/2009/12/16 ... v_attacks/