Oracle of ONE1

There is a new social engineering attack that utilizes the /Launch capability in Acrobat Reader. It is currently being exploited by a particularly nasty trojan named Zeus. It is simple to protect yourself from this exploit some please disable /launch by following the instructions at http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html.

For more on Zeus, see this Wikipedia article.

As always; keep your software updated, use anti-malware detection software, use a well-configured firewall when accessing public Internet access point, and use common sense to recognize phishing attempts.

Adobe’s products have received recent scrutiny from the security community. In fact, many have suggested that their products will be the main target for malware in 2010. Why? Well Adobe’s Acrobat Reader and Shockwave are very widely distributed and many vulnerabilities are being discovered which often remain unpatched for a while. Adobe has some improving to do.

In the meantime, you can protect yourself somewhat and still use Acrobat Reader. These steps do not guarantee your safety but do reduce your risk profile.

(more…)