While the world was ringing in the New Year, hackers were creating new ways to exploit unpatched vulnerabilities in PDF documents according to Internet Storm researcher Bohan Zdrnja.
In his blog post, Zdrnja noted the exploited PDF document once infected contains ‘everything it needs to fully exploit the victim’s machine — it does not have to download anything off the Net.’ Later in the post he states, ‘If we are to judge the new year by the sophistication the attackers started using, it does not look too good.’
In late December, McAfee also released its Threat Predictions report which can be downloaded in full here, and predicted that Adobe’s products will be increasingly targeted by cybercriminals because their usage is so widespread. In its report, McAfee Labs also asserted that Adobe’s product exploitation has the capacity to surpass MS Office programs in 2010.
In a section titled, ‘Malware Writers Love Adobe, Microsoft Products,’ the report states:
In 2009 McAfee Labs saw an increase in attacks targeting client software. The favorite vector among attackers is Adobe products, primarily Flash and Acrobat Reader. Using ‘heap spray-like’ and other exploitation techniques, malware writers have turned Adobe apps into a hot target. Further, Flash and Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cybercriminals. Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked.
For its part, Adobe’s director of product security and privacy, Brad Arkin in a blog posted mid-December listed January 12th as the target ship date for the update ‘to remediate vulnerability CVE-2009-4324.’ The full blog post can be found here.