Fixes for Adobe Reader and Acrobat versions 8.1 or prior need to be installed to mitigate a critical vulnerability and the exploits flying around the Internet trying to penetrate those flaws.
The critical Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability, listed here, affects Windows XP users with Internet Explorer 7 in place. Vista is not affected by this problem.
Although Adobe has released fixes for the issue, criminal spammers have been trying to hit people who are slow to update their products. Security firm McAfee reported on their Avert Labs blog the presence of such an exploit in spam messages today.
“Successful exploitation leads to a batch file being executed on the victim’s machine that disables the built-in windows firewall,” said Vinoo Thomas, “and then downloads a password stealer from an IP address located on the RBN network.
Regular readers of SecurityProNews won’t be surprised to learn this exploit has ties to Russia, as so many spam campaigns have over time. RBN, also known as the Russian Business Network (have to love that spammer humor), may be a legitimate business, but it hosts plenty of criminal efforts.
It also comes as no surprise that Russian law enforcement has enjoyed no success in policing RBN for illicit activity, according to reports from other computer security companies.
Security pros should ensure their systems and networks have the Adobe updates in place as needed.
More: continued here
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!