Hi,

Security researchers warn that an attack making use of malicious PDF files is targeting U.S. government contractors. The files attempt to exploit a critical Adobe Reader vulnerability that was patched last week.

"The PDF file was quite convincing and it looked like it came from the Department of Defense. The document talks about a real conference to be held in Las Vegas in March," Mikko Hyppönen, chief research officer at antivirus vendor F-Secure,

"It is with great pleasure that we invite Government representatives from your respective military services to the Mission Planning Users Conference (MPUC) 2010. The MPUC is an unclassified event that provides a forum for promoting information exchange, user training, and innovative product demonstrations for the Mission Planning community to include developers, users, sustainment and acquisition representatives," part of the document reads.

[image: Malicious PDF document posing as a legit invitation]<http://news.softpedia.com/newsImage/U-S-Defense-Contractors-Attacked-via-Malicious-PDFs-3.jpg/>

But hidden inside the file is JavaScript code, which exploits the CVE-2009-4324 vulnerability. This flaw was originally *disclosed*<http://news.softpedia.com/news/Zero-Day-Adobe-Reader-Exploit-Found-in-the-Wild-129921.shtml> back in December as a zero-day and involves the doc.media.newPlayer() function of Adobe Reader and Acrobat's Multimedia.API.

If exploitation is successful, a file called Updater.exe is dropped and executed on the system. This installs a backdoor component that can be used to control the infected computer remotely. According to F-Secure, the backdoor bypasses the local Web proxy settings and reports back to an IP address in Taiwan.

A working exploit for this vulnerability has been known since mid-December; however, several variations have been detected in the wild until now. At the beginning of the year, security researchers from SANS' Internet Storm Center *announced*<http://news.softpedia.com/news/Complex-Attack-Leverages-Unpatched-Adobe-Reader-Flaw-131208.shtml> that employees from various companies had received similarly rigged PDF files, as part of a highly sophisticated attack.
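For anyone screening inbound attachments: a triage sketch for the indicators the article describes, namely embedded JavaScript and a reference to media.newPlayer. This is an added example, not code from the article or from F-Secure; the function names are hypothetical and the sample file is constructed and inert.

```python
import re
import zlib

# Name tokens that mark embedded script or an action run when the file opens.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction")
# The function the article ties to CVE-2009-4324.
NEWPLAYER = re.compile(rb"media\s*\.\s*newPlayer", re.I)
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_names(data):
    """Undo #xx escapes so that /J#61vaScript is seen as /JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data):
    """Yield each stream body, zlib-inflated when it is Flate data."""
    for match in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            yield match.group(1)  # other filter or plain: scan as-is


def triage_pdf(data):
    """Return the indicators found in raw PDF bytes."""
    plain = unescape_names(data)
    names = [n.decode() for n in SUSPICIOUS_NAMES
             if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", plain)]
    hit = any(NEWPLAYER.search(b) for b in [plain, *stream_bodies(data)])
    return {"names": names, "newplayer": hit}


def constructed_sample():
    """Constructed, inert test file: the stream is only a comment line."""
    body = zlib.compress(b"// constructed text naming media.newPlayer")
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(constructed_sample()))
```

A hit is a reason to quarantine and inspect the file, not proof of exploitation; script hidden inside object streams or behind other filters will not be seen by this check.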
