If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: http://www.godblock.com/#what "block sexual, and psychologically harmful material" like "holy texts". Protect "from being indoctrinated"
- wishinet: Load average: 23.69 20.11 14.95 - jepp, this is obviously bad.
- wishinet: http://img2.moonbuggy.org/imgstore/ethernet-killer.jpg
- wishinet: According to my 400d stats the most viewed page at my blog is phpids's xss warning. You can do better! :)
- wishinet: I'm super-hungry after some meditation... guess this isn't normal. :-) 0xf000000d
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
Javascript, Acrobat, Linux and the Swine Flu
Wed, 04/29/2009 - 16:06 | wishi
txtJS and the Acrobat bring the Swine Flu to Linux
Human or swine origin - in case of spammers that's now the question.
It seems to be a strange friendship: since JavaScript in Adobe's Acrobat Reader is common, targeted Office Malware attacks against it are everywhere. What's extraordinary dangerous here is, that especially unsophisticated users who just do their Office-stuff, are affected. - Not just the Administrator or any other IT person, that'll be far away to fix this.
Because of the Swine Flu spamming a successful spreading of this Malware seems to be very much likely. So no pandemic situation in the real world, but in IT?
These attacks are targeted to cause Data Leakage. Disclosure happens after the Exploits aren't useful any longer. That's now - nearly. I expect a Windows Exploit within the next two days appearing in the feeds.
SecurityFocus reports about the Acrobat Reader - but it just recently had another remote Exploit. Secunia's advisory links to the original ones from Packetstom:
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
The solution is very dissatisfying: just don't open strange PDFs. Nevertheless this actually directly only affects Linux - be aware that it's highly likely to cause trouble in a Windows or Mac environment, too. That's just what I assume.
Updates:
- an 0day for Acrobat Reader was sold on the black-market for 75 000 $. Source seems to be Matthew Watchinski from VRT. A reliebale source. So deactivate JS in your Readers now. Maybe that helps.
- F-Secure has a new collection of targeted examples. Maybe Spammers are too lazy to alter their target-files.
- you have made up the policies at your DLP, didn't you? Check them, now! Again ;).
- nice article in Tech Harald.
Have fun,
wishi
Tags: 
Post new comment