Adobe PDF

Is .info the New .cc?

By Kurt Baumgartner

In April, the and sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on and had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?

By Chris Greamo

Over the past few years, malicious PDFs have become commonplace and a preferred vector for attackers. Last week, Adobe announced the release of Reader X – the much anticipated next major release of their ubiquitous document reader, which includes a new security feature called “Protected Mode”. Protected Mode is designed to restrict the ability of an attacker who exploits Reader using a malicious PDF to damage, modify, or gain full control of the underlying host.

On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won’t be patched for nearly two weeks.

If there was still any question that Adobe’s products have emerged as the prime targets for attackers right now, the events of the last week have removed any doubt. Within the space of six days, Adobe has been forced to release separate warnings about attacks targeting unpatched flaws in both its Reader and Flash Player products.

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.
