Attacks on Adobe Intensify
#3
Posted 11 February 2008 - 10:50 AM
Meh. Sounds like your standard buffer overrun and underrun fun that's been exploited endlessly in many file formats with data compression. The technique is old. Drop in some code and an invalid compression opcode that blows the stack during decompression to set a 'return' address to your compressed data, and Bob's your uncle. Microsoft has 'fixed' hundreds of these bugs in their own libraries, and they're far from finished. Looks like the trojan/virus even uses the standard email attachment delivery as well, so a halfway competent spam/virus filter on your email server should eat the infected messages... assuming your email server has a halfway competent spam/virus filter. I (smugly) use gmail, and don't ever even see junk like this.
This is still mostly a Windows flaw because Adobe's software shouldn't be running as 'Administrator' (the default Windows user access level), files in the system and program folders shouldn't be modifiable in normal circumstances, and above all else, DLL files shouldn't be 'searched for', which enables the more common exploits in Windows that have NEVER been fixed, where software loads a system or common library .DLL and instead finds a 'custom' one in the folder it's running in. The flaw where any file with the right file extension can be executed anywhere it's found is another big one. It might even exploit the capability of installing fonts temporarily to render PDF content, installing a '.exe' font into the Windows/Font folder.
Microsoft (sort of) tried addressing this in Vista, but after a week, most users automatically accept that 'Elevated Permission' warning prompt without even thinking about it.
Adobe's a victim of its own success getting that monstrous Acrobat Reader pig installed in everybody's machine by having it bundled with software whose documents are in PDF format. The part where they made the application so enormous and fiendishly complex that anybody might find a hole is entirely Adobe's fault. At least Flash doesn't allow you to write a ten line keylogger with internet connectivity anymore. Not since Adobe Flash 9, anyway.
You also have software like 'TaxCut' that is allowed to crap all over the permissions to make the whole Program Files tree writable for the current user (you gave setup blanket permission to do whatever it liked when you clicked that 'Elevate Me' window to allow it to install), kicking gaping holes in whatever half-hearted 'security' measures Microsoft added. Most users will happily disable all such security measures as soon as it prevents them running something they need, like, say, tax software at 10:00pm on April 15th, let alone the poor dimwits who will click away attachment warnings to see a joke, dirty picture or cartoon whenever they get one. Don't worry about TaxCut, though. If you buy 'TurboTax', it scribbles on the partition table and installs its own 'activation' spyware, potentially breaking non-NTFS partitions it happens to be running on.
There are a LOT of common Windows applications out there made by major software companies that are very badly behaved, security-wise, not least Windows itself for allowing them to run that way. That's the 'backwards compatibility' everybody ultimately demands, and it's another reason why Vista is doomed to be as infested with malware as any other Windows version.
Easy work-around, already pointed out in this thread: use a 'different' PDF reader. Looks like I use 'Evince Document Viewer', but that came pre-installed in Ubuntu Linux (I use the 'use different OS' approach to malware), which doesn't allow the same dumb exploits that a Windows OS does (different exploits, certainly, but you have to work harder for them, and your virus can only target small subsections of the installed Linux community, so there's not a lot of reward for writing one). Works fine for me. I do have a full version of Acrobat, but it lives in a VMware session that resets to its original state every time I shut it down (like doing a Windows checkpoint/restore every time it boots). Ubuntu also came with a PDF writing printer driver and OpenOffice.org exports PDF files as well, so other than some E-Forms that some people have forced me to use in the past, I don't need Adobe Acrobat.