Adobe Reader Under Zero-Day Attack

Symantec yesterday confirmed that a new zero-day vulnerability, which means there is not yet any patch available to fix the flaw, in both Adobe Acrobat and Readerunder is under active assault.

An Adobe post says the company is currently investigating. Per Symantec, the current attacks install a Trojan named Trojan.Pidief.H. The infection rate is "extremely limited," according to Symantec, and its risk assessment level is very low, which suggests the threat is for now restricted to targeted attacks.

Combining a targeted attack with a zero-day vulnerability can deliver a one-two knock-out punch. A targeted attack against a specific company or person is usually personalized, often with the recipient's real name, and better crafted than the usual mistake-ridden scam e-mail. So the e-mail stands a much better chance of evading a person's natural suspicions.

Then, if you're successfully tricked into opening an e-mail attachment that delivers a zero-day attack, it's guaranteed to find the software hole it goes after, as long as the relevant software is installed. Potential victims can only hope their antivirus product detects the attack, but security software typically has a much lower detection rate for small-scale targeted attacks.

The only good thing about targeted attacks is that there aren't many of them, compared to the slew of non-personalized attacks and scams. But be extra wary of e-mailed .pdf files all the same, and keep an eye out for a patch from Adobe. You can also upload any .pdf (or other file) to Virustotal.com for a second-opinion malware scan, but again, many antivirus programs will miss new targeted attacks.

Subscribe to the Security Watch Newsletter

Comments