The Zeus botnet is now using an unpatched flaw in Adobe's PDF document format to infect users with malicious code, security researchers said.
The attacks come less than a week after other experts predicted that hackers would soon exploit the "/Launch" design flaw in PDF documents to install malware on unsuspecting users' computers.
The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan
Hubbard, CTO of San Diego, California-based security company Websense. When users open the rogue PDF, they're asked to save a PDF file called "Royal_Mail_Delivery_Notice.pdf." That file, however, is actually a Windows executable that when it runs, hijacks the PC.
Zeus is the first major botnet to exploit a PDF's /Launch feature, which is, strictly speaking, not a security vulnerability but actually a by-design function of Adobe's specification. Earlier this month, Belgium researcher Didier Stevens demonstrated how a multistage attack using /Launch could successfully exploit a fully-patched copy of Adobe Reader or Acrobat.
Read more: http://www.pcworld.com
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Botnet Exploits PDF Flaw”
Leave a reply