New malicious Twitter spam

Just a couple of hours ago I started getting some very shady looking tweets like the below.
 

Malicious Tweet


  
The link in the post is abbreviated, but leads on to a site hosting some obfuscated JavaScript.
  

  
If this JavaScript is executed by the browser, an unpleasant payload is delivered to the victim. So far we have seen both malicious PDF documents and executable files. These Trojans attempt to connect to additional locations to download further malware. TrendLabs are currently investigating; watch the blog for updates.
  
This latest Twitter malspam follows hot on the heels of the Gaza and FIFA spam run earlier this month.
  
Be careful where you click and make sure your security software is blocking those evil links.
 

Apple Macs, no crashes or viruses?

 

That is certainly the case if you believe Apple’s latest advertisement, available here and titled Elimination.

“I just need something that works without crashing, or viruses or a ton of headaches.”

 Apple’s ads have always been amusing, but this won’t be the first time that someone calls them out for also being misleading.

 

To say that there is no malware (or viruses) for the Apple platform is demonstrably untrue. In January of this year a pirated copy of iWork was made available as a Torrent; that copy was found to contain a Trojan. The affected systems were later found to have been recruited into a botnet that has already been used for DDoS and spam runs.

 

By the same token, Mac OS and many applications on the Mac OS platform have recently been found vulnerable to some high-profile exploits. This was most publicly evidenced by Pwn2Own at CanSecWest both this year and last, but also includes such widely used applications as Adobe Flash and Acrobat and Microsoft Office.

 

For many years now Mac users have believed themselves to be invulnerable to malware, and this is not the first time they have been encouraged by Apple in this belief. This complacency leaves many Mac users mistakenly believing that Macs are not vulnerable to malware, that none exists for their platform, or both, which impairs their ability to make informed decisions when downloading or installing new software, opening attachments or visiting questionable sites.

 

Given the fact that today’s cybercrime motivation has shifted from a misplaced sense of “l33t h4x0r” pride to a sole focus on the business of generating cash, the threat to Mac users is definitely growing. Cybercrime and malware in today’s world is big business, and one that ever more closely resembles the world of legitimate business, including outsourcing, R&D budgets, Malware as a Service platforms, SLAs and even EULAs. In this shady world of business it would definitely be fair to say that as the Mac market share expands and the user base grows, so does its perceived “investment potential” to the cybercriminal.

 

It’s all about Return on Investment, and the fact that that user base is largely unprepared and the computers themselves largely unprotected can only increase the attractiveness. Apple should talk honestly and openly with their customers about the threat, giving them fair and balanced advice when it comes to protecting their investment, their identities and their cash.

 

As regards the other one, a Google search for “Mac OS crash” yields over 3 million results…

 

For the record, I’m a Mac user.

Foxit PDF Reader beats Adobe to the patch.

The actively exploited PDF reader vulnerability that was reported over on the Malware Blog in February has been causing some serious concerns for users.

 

Exploitation of the vulnerability, through deliberately malformed PDF documents, results in malicious files being dropped on the victim machine, including the Trojan TROJ_PIDIEF.IN.

 

The exploit was also unwittingly given a helping hand by Windows Explorer Shell Extensions, allowing the malicious code to be triggered even without the user opening the bad PDF (a proof of concept was posted by Didier Stevens here).

 

Despite the security advice issued by US-CERT, the absence of a patch for the world’s most popular PDF software (Adobe Acrobat Reader) and the ubiquity of the vulnerability across applications and platforms from many vendors have meant that the best advice to date has simply been to use extreme caution in opening PDF files from unknown sources, or when clicking on links to PDFs in your internet browser.

 

Why do I bring this relatively old news up now? Well, it looks like the good folk over at Foxit Software have beaten Adobe to the punch with a patch to remedy this vulnerability in their own Foxit Reader. The patch for version 9 of Adobe Acrobat Reader is still anticipated on March 11th, with patches for versions 7 & 8 due one week later.

 

UPDATE: Adobe have released their Acrobat Reader patch a day ahead of schedule, available here.