Adobe PDF-based attacks used to spread fake antivirus software

2010 July 14

Researchers at security company Sophos have detected attackers using a PDF file that identifies the installed version of Adobe Reader and triggers the appropriate exploit code. If the exploit succeeds, Sophos says, fake antivirus software is downloaded and executed on the target computer.

Chester Wisniewski, Senior Security Advisor at Sophos, says that the attack first directs the user to http://CENSORED/kt/ck_fuh/w###_.pdf. Like many other malicious PDF documents, it identifies the version of Adobe Acrobat/Reader on the victim's PC and then fetches a payload that can exploit the user without any notice, as reported by Softpedia on 2 July 2010. Wisniewski writes in his blog that the attack uses CVE-2009-0927, CVE-2008-2992, CVE-2007-5659 and CVE-2009-4324, which affect Acrobat and Reader versions 9.0.x, 8.1.2, and 7.1.0 and earlier, as reported by Sophos on June 30, 2010.

The researchers also explained that the first malicious PDF detects the victim's Acrobat version and uses it to trigger a PDF file carrying a suitable exploit. When the victim tries to load the PDF URLs via a browser, they are redirected to Google. If Adobe Acrobat/Reader is used, a malicious file may be launched that infects Windows computers, adds Wisniewski.

The researchers say that the payload is Sophos Troj/FakeAV-BTI, which turns off the phishing filter in Internet Explorer. It also marks FAKEAV.exe as minimal risk, which rolls back detection of executable files. In addition, it disables any proxy servers that may be configured, which suggests that the malware targets home computers.

The attack does not affect anyone who has updated Acrobat/Reader since February 2009, but many computers are still running without patches. Commenting on the attack, security researchers said hackers can use PDF technology to make attacks more difficult for security researchers to detect.

To develop this concept further, the attack has been implemented so that the payload is only displayed if the second address is accessed through the Reader. If it is accessed via a browser, a redirect to Google.com is fired.
