Those are all great sites to keep an eye on. I would definitely send an email to employees reminding them that if they see suspicious behavior, particularly as it relates to PDFs, they should notify IT. This is even more important given that this latest Adobe PDF zero-day includes malware that was not being detected by the majority of AV products at the time of release. One indicator your users can look for is when they open a PDF document and Adobe Reader (or similar) closes for no reason, or has a prolonged spike in CPU usage without much response from the Adobe interface.
Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.fireeye.com/

From: David Lum [mailto:[email protected]]
Sent: Wednesday, December 16, 2009 10:23 AM
To: NT System Admin Issues
Subject: RE: New Adobe ZeroDay

I have this page as one of my six home page tabs; even though I'm signed up to get Adobe alert e-mails, this site is way ahead of their e-mails: http://blogs.adobe.com/psirt/

My others:
http://news.cnet.com/security/
http://isc.sans.org/
http://www.doecirc.energy.gov/index.html
http://www.securityfocus.com/bid
http://secunia.com/advisories/

Sometimes redundant, sometimes not.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Marc Maiffret [mailto:[email protected]]
Sent: Wednesday, December 16, 2009 10:02 AM
To: NT System Admin Issues
Subject: New Adobe ZeroDay

There is a new Adobe ZeroDay out that you should start following, and make sure to patch your systems whenever Adobe gets around to releasing a patch. You can read more about it here:
http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
http://twitter.com/hdmoore/status/6706530082
http://extraexploit.blogspot.com/search/label/CVE-2009-4324
http://isc.sans.org/diary.html?storyid=7747

P.S. As I have known many on the list for quite some time now, I wanted to update you all that I have recently joined FireEye as Chief Security Architect to help oversee product innovation and research. In a nutshell, we are a hardware-based solution that bridges some of the visibility and complexity gap between traditional network intrusion prevention and desktop anti-virus in order to provide comprehensive detection for today's latest threats. This includes being able, for example, to detect the above malicious PDF zero-day at the network level, and through virtual machine verification within the appliance, across your entire organization by simply dropping in a box.
http://www.fireeye.com/news_events/pr/20091209_PR.html

More fun research to come!

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.fireeye.com/
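The thread above leaves IT with user reports ("Reader closed for no reason after I opened a PDF") and no vendor signature yet. The following is an added example, not code from the thread, from FireEye or from any of the linked posts: a coarse static triage script an admin could run over reported PDFs before sending them for sandbox analysis. It assumes only what the linked VRT post title states, that the bug is reached through the Acrobat JavaScript method media.newPlayer, and it flags any PDF that auto-runs JavaScript (/OpenAction or /AA pointing at a /JavaScript action) or that contains a call to media.newPlayer in its dictionaries or in an inflated FlateDecode stream. It resolves the #xx hex escapes that malicious PDFs use to hide names like /JavaScript from naive string matching. The sample PDFs are constructed inline and contain no exploit; the script is a first-pass filter, not a detector for obfuscated JavaScript or for whatever packing a real sample uses.

```python
import re
import zlib

# Added example, not from the thread. Coarse static triage for PDFs that
# auto-run JavaScript, plus a specific check for calls to media.newPlayer,
# the Acrobat JavaScript method named in the linked VRT analysis of
# CVE-2009-4324. This is a first-pass filter for files users report,
# not a replacement for a sandbox or a vendor signature.

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
TRIGGER_NAMES = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)\b")
NEWPLAYER = re.compile(rb"media\s*\.\s*newPlayer\s*\(")


def normalize_names(data):
    """Resolve hex escapes in PDF names, e.g. /#4AavaScript -> /JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def decoded_streams(data):
    """Yield stream bodies, inflating FlateDecode ones; others come back raw."""
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        try:
            yield zlib.decompress(body)
        except zlib.error:
            yield body


def triage_pdf(data):
    """Return the trigger names found, media.newPlayer hits, and a verdict."""
    # Inspect the object dictionaries with stream bodies blanked out, so
    # compressed bytes cannot produce accidental name matches.
    skeleton = normalize_names(STREAM_RE.sub(b"stream\nendstream", data))
    names = sorted({b"/" + n for n in TRIGGER_NAMES.findall(skeleton)})
    hits = len(NEWPLAYER.findall(skeleton))
    hits += sum(len(NEWPLAYER.findall(s)) for s in decoded_streams(data))
    auto_js = b"/JavaScript" in names and (b"/OpenAction" in names or b"/AA" in names)
    return {
        "names": [n.decode() for n in names],
        "newplayer_hits": hits,
        "suspicious": hits > 0 or auto_js,
    }


def triage_file(path):
    with open(path, "rb") as f:
        return triage_pdf(f.read())


def build_sample_pdf(js=None, compress=True):
    """Constructed sample (not real malware). With js given, the catalog's
    OpenAction runs a JavaScript stream, Flate-compressed by default, and the
    /JavaScript name is written hex-escaped as /#4AavaScript. Without js the
    document has no actions at all."""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R"
        + (b" /OpenAction 3 0 R" if js is not None else b"") + b" >> endobj",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj",
    ]
    if js is not None:
        body = zlib.compress(js) if compress else js
        filt = b" /Filter /FlateDecode" if compress else b""
        objs.append(b"3 0 obj << /S /#4AavaScript /JS 4 0 R >> endobj")
        objs.append(b"4 0 obj << /Length %d%s >>\nstream\n" % (len(body), filt)
                    + body + b"\nendstream\nendobj")
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(triage_pdf(build_sample_pdf(b"var p = media.newPlayer(null);")))
    print(triage_pdf(build_sample_pdf()))
```

Run it over a directory of user-reported PDFs with triage_file and sort anything marked suspicious into the "sandbox it" pile; a PDF that auto-runs JavaScript is worth a look in this situation even when the newPlayer string is absent, since the call can be assembled at runtime in ways a regex will not see.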
