[Security Advisory for Adobe Reader and Acrobat]
http://www.adobe.com/support/security/advisories/apsa11-04.html
[Affected Software]
Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
2. Spreading path and symptoms of infection
This malicious file exploits the CVE-2011-2462 vulnerability. It is a PDF document and can be spread as an e-mail attachment or through a link. If a system is infected, the U3D memory corruption flaw can let the attacker take control of it.
* U3D (Universal 3D)?
Universal 3D (U3D) is a compressed file format standard for 3D computer graphics data.
This malicious PDF file carries injected shellcode, and its visible content is a survey (ManTech Employee Satisfaction Survey).
When the malicious PDF file is opened, the injected shellcode is executed. The PDF file then generates the following additional malicious files.
* Generated files
C:\Documents and Settings\(User Account)\Local Settings\pretty.exe
C:\Documents and Settings\(User Account)\Local Settings\WSE4EF1.TMP
C:\Documents and Settings\(User Account)\Local Settings\ctfmon.exe (Same file as pretty.exe)
The additional malicious files are known to communicate constantly with an external C&C server; however, all related sites have been blocked.
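A sweep for the generated files listed above, as an added example (not code from the original post or from INCA Internet): it checks each user profile's Local Settings folder for the three file names and reports whether ctfmon.exe is byte-identical to pretty.exe. The function names, the result fields and the default root path are assumptions of this example.

```python
import hashlib
from pathlib import Path

# File names the post lists under <profile>\Local Settings\
DROPPED_NAMES = ("pretty.exe", "WSE4EF1.TMP", "ctfmon.exe")


def sha256_of(path):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep_profiles(profiles_root):
    """Return one finding per user profile that holds any listed file."""
    wanted = {name.lower(): name for name in DROPPED_NAMES}
    findings = []
    for profile in sorted(Path(profiles_root).iterdir()):
        local = profile / "Local Settings"
        hits = {}
        try:
            for entry in local.iterdir():
                # Windows file names are case-insensitive, so match that way.
                name = wanted.get(entry.name.lower())
                if name and entry.is_file():
                    hits[name] = sha256_of(entry)
        except OSError:
            continue  # folder missing or unreadable: nothing to report
        if not hits:
            continue
        # The post states that ctfmon.exe is the same file as pretty.exe.
        same = ("pretty.exe" in hits and "ctfmon.exe" in hits
                and hits["pretty.exe"] == hits["ctfmon.exe"])
        findings.append({"profile": profile.name, "files": hits,
                         "ctfmon_is_copy_of_pretty": same})
    return findings


if __name__ == "__main__":
    import sys
    # Default root is the profile location shown in the post (assumed here).
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Documents and Settings"
    for f in sweep_profiles(root):
        print(f["profile"], sorted(f["files"]), f["ctfmon_is_copy_of_pretty"])
```

A ctfmon.exe found under Local Settings deserves attention even without pretty.exe beside it, because the genuine Windows binary of that name lives in the System32 directory.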
3. How to prevent
Adobe announced a security update for Adobe Reader 9.x and Adobe Acrobat 9.x for Windows that addresses this vulnerability, to be released by Dec 12. Adobe Reader X and Adobe Acrobat X, however, can protect themselves from the vulnerability by using safe mode and safe view.
Security management tips
1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated, and keep the real-time detection function "ON".
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.
INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.