Zero-Day strikes again with Adobe Reader exploit

If your one of the millions of Adobe Reader users all over the world and have an interest in learning to play golf, it’s time to pay more attention to the files you download.

A nasty, new version of the Zero-Day exploit has once again begun targeting Adobe customers with an exploit code that has been disguised as an email with a PDF file of a golf lesson attached.

According to ESET, a global computer security corporation, this new wave of Zero-Day attacks are particularly nasty compared to previous versions of the exploit. Whereas prior attacks were targeted to perform specific actions, this one “can do almost whatever it wants,” said Randy Abrams, Director of Technical Education with ESET. “It can download malicious bots; it can load keystroke-tracking software, or any number of things.”

A security bulletin released by Adobe on Wednesday stated that all versions of the product are affected. The advisory states that, “A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.”

While Adobe has not yet had time to develop a patch for their software, major security vendors have already begun updating virus definitions to detect and eradicate the threat. Trend Micro is one of the companies that have already taken action against the exploit and has updated definitions available for customers.

While it’s a good idea to always keep your anti-malware tools updated and to perform regular scans on your system, the power of common sense can keep you safe from this one. Never download files or open emails from people you don’t know, and be extra-vigilant if you see a message about email offering golf lessons from David Leadbetter.