Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Wednesday, October 24, 2007 11:36 AM PT Posted by Stuart Johnston

Block Adobe PDF Attacks Now

Less than 24 hours after Adobe plugged a group of critical holes in its Acrobat/Reader software, anti-virus vendor Symantec is reporting there are now attacks "in the wild" (i.e., the Internet at large) that take advantage of the just-patched vulnerabilities.

That means that getting the patch should now be pushed up to the top of your to do list.

A post on Symantec's Security Response Weblog puts it this way:

"One day later, we have discovered a new Trojan named Trojan.Pidief.A that actually exploits this vulnerability to compromise an unpatched computer. So far we have seen a fair number of emails containing this new Trojan in the wild. It is likely that Trojan.Pidief.A has been spammed out in targeted attacks on specific business organizations."

The Trojan is using a classic "social engineering" ploy to trick you into clicking on the infected Portable Document Format (PDF) file that arrives in e-mail. The e-mails have alarming subject lines like "invoice," "statement," or "bill." Of course, the idea is to push your panic buttons and make you think someone has stolen your identity or something similar.

In that moment, you're much more likely to click on the PDF file attachment to find out what's going on – which, of course, is what the bad guys want -- thus infecting yourself. The Trojan then downloads a "downloader" program to your PC. You can guess the rest.

Yesterday it was a good idea – now it's an imperative. Get the patched version and a discussion of the vulnerabilities at Adobe's Security Alert page.

You're only at risk, however, if you're running Windows XP with Internet Explorer 7. Windows Vista users are safe from attack.

As a side note, Microsoft yesterday released the latest edition of its Security Intelligence Report. And, in relation to this latest round of attacks, it makes the point that you can expect to see more of these in the near future.

According to a Microsoft press release about the report:

"The study also shows a 500 percent increase in trojan downloaders and droppers, malicious code used to install files such as trojans, password stealers, keyboard loggers and other malware on users’ systems."

As always, remember to think before you click. The bad guys want you to do the opposite and that's why they try to push your personal survival buttons.


Comments
Post a comment Post a comment
Recent Posts
Ask.com Buys Dictionary.com
Beantown Welcomes Apple Store in Its Own Special Way
Xbox 360 Sales Hit 10 Million and Beats Wii, PS3 - But Not Fairly
CBS to Gobble Up CNET Networks for $1.8 Billion
RIAA Participates in File Swapping to Nab Sharers
Google Now Does Real Estate Searches in Maps: We're Not Impressed
Xbox 360 Getting Hotmail, RSS Support, and More?
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers