February 24, 2009

Adobe Acrobat Reader Vulnerability & Fix

It was recently disclosed that Adobe Acrobat Reader has a flaw that lets a booby-trapped document take over your computer, known as the Adobe Reader PDF File Handling Remote Code Execution Vulnerability. A .pdf file, which is what you read with Acrobat Reader, is crafted with code embedded in it that uses JavaScript to exploit your computer; opening such a file in an unpatched Reader is enough to trigger it.

After checking the usual exploit sites, I found several versions of this attack and proof-of-concept files. I tested them against several anti-virus programs, and so far none of them detect it. I believe this is because of the way the attack is implemented: it is not an "infected" executable but a .pdf document, so I don't expect anti-virus to catch it, although I could be wrong and some product may add detection. Let me clarify: the exploit files I found were not detected. There is a trojan going around, called Pidief.E, which uses this vulnerability to install a second piece of malware. That second piece takes screenshots and installs a keylogger. The screenshots and everything you have typed are uploaded somewhere so the bad guys can go through them looking for user names, passwords, credit card numbers, etc.
This particular malware can be detected, it's the others that are out there that are worrisome.

I was more concerned with finding a fix now, because Adobe has said the flaw will be closed by March 11th through an update to Acrobat Reader 9. Updates for earlier versions will be released later.

For now I have found two fixes. The first is a "homebrew" patch from Sourcefire, which can be found here. While I applaud their efforts, replacing the .dll file with their patch could have unknown results. The second fix, which I have been implementing at work all day today, is to disable JavaScript in Acrobat Reader. This is easy enough to do. Run Adobe Acrobat Reader. Select Edit, go down to the bottom of the menu and select Preferences. Once Preferences is open, you will see JavaScript on the left side, under Categories. After you have selected JavaScript, you will see your options on the right. The first box that is checked says Enable Acrobat JavaScript. Just uncheck this box, and you are done. Keep in mind this is a workaround, not a fix: the flaw itself is still in the program, JavaScript is just what the exploits going around right now rely on.

If you open a .pdf file in the future and it asks you to re-enable JavaScript, be sure to tell it no. And be sure to update Acrobat Reader when Adobe does post the update.
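Since anti-virus doesn't flag these documents, a quick check you can do yourself is to look inside a .pdf for the pieces an attack like this needs: a JavaScript action, an OpenAction or Launch that fires when the file is opened, and so on. The script below is an added example (mine, not Adobe's or part of the original post). It undoes two tricks that hide those keys from a plain search, hex-escaped names such as /J#61vaScript and FlateDecode-compressed streams, and the sample documents it scans are constructed for the demo and contain no exploit code.

```python
"""Static triage of PDFs for embedded JavaScript and auto-run actions.

Added example, not part of the original post.  Looks for the PDF keys that
exploit documents of this kind rely on (/JavaScript, /JS, /OpenAction, /AA,
/Launch) after undoing two tricks that hide them from a naive grep:
PDF name escapes (/J#61vaScript) and FlateDecode-compressed streams.
The sample PDFs below are constructed for the demo and carry no exploit.
"""
import re
import zlib

# Name-object hex escapes: /J#61vaScript -> /JavaScript
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Stream bodies; \bstream avoids matching the tail of "endstream"
STREAM = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.S)
# Keys worth flagging; the lookahead stops /JS from matching longer names
SUSPICIOUS = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)(?![A-Za-z0-9])")
# Keys that mean "code runs", not merely "something is triggered"
ACTIVE_KEYS = {"JavaScript", "JS", "Launch"}


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes so escaped keys look like their plain form."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate every stream body that decompresses as zlib/Flate."""
    out = []
    for m in STREAM.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed; nothing to unpack
    return b"\n".join(out)


def scan_pdf(data: bytes) -> list:
    """Return the sorted set of suspicious keys found anywhere in the PDF."""
    layers = [normalize_names(data)]
    inflated = inflate_streams(data)
    if inflated:
        layers.append(normalize_names(inflated))
    found = set()
    for layer in layers:
        for m in SUSPICIOUS.finditer(layer):
            found.add(m.group(1).decode("ascii"))
    return sorted(found)


def is_risky(data: bytes) -> bool:
    """True when the document can run code, not just when it has an action."""
    return bool(ACTIVE_KEYS.intersection(scan_pdf(data)))


# --- constructed sample documents (structure only, no exploit code) ---
_HEADER = b"%PDF-1.4\n"
_PAGES = (b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
          b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n")
_TRAILER = b"trailer << /Root 1 0 R >>\n%%EOF\n"

CLEAN_PDF = (_HEADER + b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             + _PAGES + _TRAILER)

# Plain JavaScript action that fires when the document is opened
JS_PDF = (_HEADER + b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
          + _PAGES
          + b"4 0 obj << /S /JavaScript /JS (app.alert('demo')) >> endobj\n"
          + _TRAILER)

# Same action with the key names hex-escaped to dodge a plain grep
ESCAPED_PDF = JS_PDF.replace(b"/JavaScript /JS", b"/J#61vaScript /J#53")

# Same action hidden inside a FlateDecode-compressed object stream
_hidden = b"4 0 obj << /S /JavaScript /JS (app.alert('demo')) >> endobj"
_comp = zlib.compress(_hidden)
FLATE_PDF = (_HEADER + b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
             + _PAGES
             + b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n" % len(_comp)
             + _comp + b"\nendstream\nendobj\n"
             + _TRAILER)


if __name__ == "__main__":
    for name, doc in [("clean", CLEAN_PDF), ("js", JS_PDF),
                      ("escaped", ESCAPED_PDF), ("flate", FLATE_PDF)]:
        print(f"{name:8s} risky={is_risky(doc)!s:5s} keys={scan_pdf(doc)}")
```

A clean document reports no keys; the three JavaScript variants all report JS, JavaScript and OpenAction, even though only the first one shows them in plain text. A hit is a reason to leave the file alone until the update is installed, not proof of an exploit, since forms and some legitimate documents also use JavaScript.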

February 10, 2009

gif Virus?

Up until now, you didn't have to worry about a picture being a virus. Then I came across this at the Internet Storm Center over at sans.org:

.gif Files Presenting a Not so Pretty Picture
Published: 2009-02-07,
Last Updated: 2009-02-07 21:51:03 UTC
by Tony Carothers (Version: 1)

A Storm Center subscriber has just submitted malware embedded in .gif image files, downloaded from the image site 4chan.org. For the sake of expediency, and because this person did such a good write up, here is the analysis provided:

"The *.gif files were found on the "random" board of the image board site 4chan. The files contain a large picture with instructions to save the file with a .jse extension and run it.

The *.out files are the result of applying scrdec to the gifs to reveal the encoded script.

It appears to:
(1) copy itself somewhere as 'sys.jse'
(2) add itself to a Run key in the registry
(3) (a) fetch the index to 4chan's /b forum
(b) download the first image
(c) save it as 'j.jse'
(d) attempt to run 'j.jse'
(4) construct a POST request containing the image as payload
(5) upload itself as a new post on 4chan
(6) point an instance of IE at site it came from

(3)-(6) are in an infinite loop."

To the subscriber who did the legwork on this one, my thanx for the excellent work

(View the original post here)

So after reading this, I see it's not so bad. Basically, you would have to rename the file and run it yourself, so you don't have to worry about .gif files being a virus at this time. However, it did bring a good point to mind that I thought I would share. You should never have to change the extension, the last three letters after the dot in a file name, for example something.gif to something.com, something.exe or anything like that. If you are asked to do so, there is a very good chance it is a trick to get you to run something without knowing it.
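The two things that give a file like this away can't be seen by eye: whether the bytes inside actually match the image type the extension claims, and whether the file carries a Windows Script Encoder blob (the kind scrdec decodes), which a real picture has no reason to contain. The script below is an added example (mine, not from the original post or the ISC diary); the sample "images" are constructed for the demo, and the encoded script inside them is a placeholder blob, not a real encoded program.

```python
"""Triage an "image" that may really be an encoded script.

Added example, not from the original post or the ISC diary.  Two checks a
user can't do by eye: does the file's content match the image type its
extension claims, and does it carry a Windows Script Encoder blob (what
scrdec decodes), which legitimate images have no reason to contain.
The sample files below are constructed for the demo; the "encoded script"
is a placeholder blob, not a real encoded program.
"""
import re

# Magic bytes for the image types we recognise by extension
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
# Extensions the Windows Script Host will run as a script
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh"}
# Windows Script Encoder (screnc.exe) wraps its output in these markers
ENC_START, ENC_END = b"#@~^", b"^#~@"
ENCODED = re.compile(re.escape(ENC_START) + rb"(.*?)" + re.escape(ENC_END), re.S)


def extension(filename: str) -> str:
    """Lower-cased final extension, or '' if the name has none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def extract_encoded_script(data: bytes):
    """Return the first encoded-script blob (between the markers), or None.

    The returned bytes are what you would hand to scrdec to recover the
    plain-text script."""
    m = ENCODED.search(data)
    return m.group(1) if m else None


def inspect_file(filename: str, data: bytes) -> list:
    """Return a list of findings; an empty list means nothing odd was seen."""
    findings = []
    ext = extension(filename)
    if ext in SCRIPT_EXTS:
        findings.append("script-extension")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append("extension-magic-mismatch")
    if extract_encoded_script(data) is not None:
        findings.append("encoded-script-marker")
    return findings


# --- constructed samples ---
# Smallest valid GIF: a 1x1 pixel image with a one-colour palette
GOOD_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
# Placeholder standing in for screnc output (not a real encoded script)
ENCODED_BLOB = b"AAAAAA==PLACEHOLDER-ENCODED-SCRIPT"
# A real image with the blob appended: displays as a picture, runs as .jse
POLYGLOT = GOOD_GIF + ENC_START + ENCODED_BLOB + ENC_END
# Not an image at all, just the blob carrying a .gif name
BARE_SCRIPT = ENC_START + ENCODED_BLOB + ENC_END

if __name__ == "__main__":
    for name, data in [("clean.gif", GOOD_GIF), ("funny.gif", POLYGLOT),
                       ("funny2.gif", BARE_SCRIPT), ("sys.jse", POLYGLOT)]:
        print(f"{name:11s} {inspect_file(name, data) or 'ok'}")
```

The clean image passes, the polyglot is flagged only by the encoded-script marker (its GIF header is genuine, which is exactly why it still shows a picture), and the bare blob is flagged twice. The "script-extension" finding is the one that matters for the renaming trick in the post: once the file is called sys.jse, Windows will run it no matter what the picture looked like.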

February 8, 2009

One Video Player to Rule Them All - VLC


It dawned on me that I have never talked about my favorite video player, VLC. One of my ideas for this blog was to share with you, some of the programs I use. VLC has to be one of the programs that gets the most use, on my computer.

The VLC Media Player is the only media player you will ever need. When it comes to video formats, it will play MPEG, DivX/XviD, QuickTime, H.264 and Windows Media up to WMV version 9. It will also play earlier versions of RealMedia. It plays most audio formats too, including MP2, MP3, FLAC, WAV, WMA, AAC, AC3, ALC, DTS and DV audio.

You can also listen to and watch audio and video streams, with the added bonus of capturing them. Is there an internet radio station that plays something you would like to capture? With VLC you can. You can also create your own audio and video streams with it.

There are tons of advanced audio and video pre- and post-processing options, as well as the ability to use subtitle files with your movies, if they have them. One audio feature I just love, and haven't seen anyone else try, is that you can turn the volume up to 400%. If you have built-in speakers on your monitor, you may have noticed that sometimes they just won't go loud enough. Now you can crank the volume beyond 100%, up to 400%, and hear what you have been missing.

The programmers who make VLC didn't leave anyone out. There are Windows, Mac, BeOS, and various BSD and Linux builds available for download.

If you haven't tried VLC media player, you may want to. I highly recommend it and would consider it one of my top 10 must-have programs.

February 5, 2009

Busy Busy

I got a new host and started 4 new websites last month. This one had become neglected, but I will probably revamp it. I'm now using WordPress and love it. Blogger was great to get me started, but having my own host running WordPress is so much better. I believe I can import this blog into WordPress. Then I'll host it myself.

The other sites I started aren't finished yet. One is a personal blog that I just set up so I can keep my family and friends current on what I'm up to.

Another one is a site for my music. I haven't done a whole lot with this one yet because I've been too busy. Once it's open I'll post a link here.

Another one is a political blog. I've never been big into politics. Mostly because I've been so disgusted with our government. But things have changed and I find myself quite interested in our new President. This is the latest of my website projects. Just started it a couple nights ago and have been working on it full steam. This one I hope to generate some revenue with eventually. That makes it different from all the others. I'm even going to give Google Ad Words some money to promote it.

And last, but not least, the wife and I are making a site for our art. But this one is also neglected at the moment. We have done some more art but I haven't posted any of it. This one will also run on WordPress.

There is also a blog I am supposed to build for my family once I get a little more time (hah).

So many things have happened in the tech world that I need to talk about. I'll be back here soon...