
herakty

Zeus botnet exploits unpatched PDF flaw


Zeus really is in the spotlight... always for the worst reasons, of course... but it is causing loads of headaches and creating serious problems... if it weren't for the Russian mafia protecting its creation

but one of the biggest cracking manhunts of all time is under way... several companies are offering (not publicly) large sums of money to anyone who "turns in" the creators of this virus

I know of detectives who have already gone to Russia to work on this case...

and just look at the nerve of Zeus's creators, who even use modules from other products in their builder for worms, viruses, malware in general

In August 2009, a module using the same flaw was added to the open-source Metasploit penetration testing kit, said HD Moore, Metasploit's creator and the chief security officer at Rapid7. "Colin Ames of Attack Research wrote this module as part of his Black Hat USA presentation," said Moore. "Didier's work was independent of what we already had, but uses almost the same method at its core."

Today, Stevens said that the Zeus attack Trojan was actually using the Metasploit module. "From what I can read, the new Zeus PDF actually uses a [Metasploit] Adobe PDF exploit," Stevens said on Twitter, pointing to another description of the new attack by M86 Security of Orange, Calif.

The Zeus botnet is now using an unpatched flaw in Adobe's PDF document format to infect users with malicious code, security researchers said today.

The attacks come less than a week after other experts predicted that hackers would soon exploit the "/Launch" design flaw in PDF documents to install malware on unsuspecting users' computers.

The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan Hubbard, CTO of San Diego, Calif.-based security company Websense. When users open the rogue PDF, they're asked to save a PDF file called "Royal_Mail_Delivery_Notice.pdf." That file, however, is actually a Windows executable that when it runs, hijacks the PC.

Zeus is the first major botnet to exploit a PDF's /Launch feature, which is, strictly speaking, not a security vulnerability but actually a by-design function of Adobe's specification. Earlier this month, Belgium researcher Didier Stevens demonstrated how a multistage attack using /Launch could successfully exploit a fully-patched copy of Adobe Reader or Acrobat.

http://www.computerworld.com/s/article/9175612/Zeus_botnet_exploits_unpatched_PDF_flaw

teckV
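Added example, not part of the original post or the quoted article: a triage check that flags the "/Launch" action the article describes in raw PDF bytes, including when the name is written with #xx hex escapes. The #xx name escaping and the /OpenAction and /AA keys are taken from the PDF specification rather than from this page, and the sample fragments are constructed.

```python
import re
from collections import Counter

# A PDF name is "/" followed by regular characters; any character may be
# written as #xx (two hex digits), so /Launch can hide as /L#61unch.
_NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

LAUNCH = b"Launch"  # action type named in the article
# Keys that attach an action to an event such as document open (assumption:
# taken from the PDF specification, not mentioned on this page).
AUTO_TRIGGERS = (b"OpenAction", b"AA")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so escaped and plain names compare equal."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count /Launch names in raw PDF bytes and note how they are written.

    Triage heuristic only: it does not parse objects, so it can match text
    inside strings, and it cannot see names inside compressed streams.
    """
    counts = Counter()
    escaped_launch = False
    for match in _NAME.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        counts[name] += 1
        if name == LAUNCH and raw != LAUNCH:
            escaped_launch = True  # escaping a keyword is itself suspicious
    return {
        "launch": counts[LAUNCH],
        "auto_trigger": any(counts[k] for k in AUTO_TRIGGERS),
        "escaped_launch": escaped_launch,
    }


# Constructed fragments for illustration (not complete PDF files).
SAMPLE_PLAIN = b"1 0 obj << /Type /Catalog /OpenAction << /Type /Action /S /Launch >> >> endobj"
SAMPLE_ESCAPED = b"4 0 obj << /Type /Action /S /L#61unch >> endobj"
SAMPLE_CLEAN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(blob))
```

A hit is a reason to quarantine the attachment and inspect it with a real PDF parser, not a verdict on its own.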
