Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh.
There is a steady growth of threats to mobile platforms, according to a new McAfee report.

The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day.

Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.

Threats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices.

Some of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package.

Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.

With the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices.

In Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.

The onslaught of malware seems to have no end, and the effect that the proliferation of both handheld and IP-enabled devices will have on this growth remains to be seen.
The top malware threats in Q4 2010 were very different in various geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region.

Favorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).

Spam hitting its lowest levels in years can be attributed to a "transition period," with several botnets going dormant during a time of year when spam volumes are usually on an upward path.

In Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.

As more users access the Internet from an ever-expanding pool of devices (computer, tablet, smartphone or Internet TV), web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.

Phishing URLs posing as the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links.

McAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.

In 2009, McAfee Labs predicted that vulnerabilities in Adobe products would become the clear choice of malware authors and cybercriminals for distributing malware and compromising systems and networks. This prediction has come true.
Throughout 2010 malware developers have heavily exploited weaknesses in both Flash and especially PDF technologies.

McAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation.
GFI Software revealed continuing high levels of rogue security products circulating during January, and a surge in malware that takes aim at vulnerabilities within Adobe Reader and the PDF file format – two of the top 10 detections are aimed at exploiting holes within Adobe.

As was the case in December 2010, seven of the top 10 malware detections were Trojans, with those seven accounting for almost 34% of all malware detections for the month.

ThreatNet also revealed an increase in the FakeVimes rogues that were reported last month, when FraudTool.Win32.FakeVimes!delf (v) hit the number nine spot with 0.73 percent of all detections.

This represents a VIPRE heuristics detection for malicious code associated with the FakeVimes family of rogue security products, illustrating the continued growth of fake and compromised security applications as a means to circulate and covertly install malware onto PCs.

In January, a detection of PersonalInternetSecurity2011.FakeVimes (0.64 percent of detections) was at the number 12 spot and the top 50 also included Antivirus8.FakeXPA, FraudTool.Win32.FakeVimes!VB (v) and Win32.FakeVimes!delf (v). There are approximately 17 rogues that are considered members of the FakeVimes family. They first appeared in January of last year.

Twitter users fell victim to a fake antivirus software scam in January as a number of accounts began distributing links promoting rogue security software. The attack used Google's Web address shortening service to conceal the links' destination.

Twitter worked to reset passwords, but there is no telling how many users were led to malicious sites due to this phishing attack.
There can be no doubt that cybercrime is on the rise. Compared to real-world crime, it is easier, often more profitable, and definitely carries less risk to the perpetrator.

Last year's high-profile takedowns of cyber gangs employing the Zeus Trojan have again put the spotlight on that particular piece of malware. Known by many different names - Zbot, Kneber, Wsnpoem - it has been the best-known and most used information-stealing Trojan in the world for quite some time.

Detected for the first time in late 2006, its popularity with cybercriminals could be due to the thousands of versions available and - until recently - the continuous development of new ones, and to the many plug-ins and modules available.

The price for a full pack with a generic version can reach $1,000, and one with a unique, exclusive version some $5,000. These prices may look high to the casual observer, but the cybercriminals are counting on a much, much higher return on that investment.

Cybercriminals often use social engineering to get the user to install Zeus on their machine. They might fail a great number of times, but statistically they will succeed with some users because their approach changes constantly - and sometimes all it takes is a moment of distraction.

They also often use exploits to infect systems - lately, PDF exploits have been the most used ones. The criminals can target users geographically or target users of a specific financial institution, and can even intercept financial transactions and substitute the receiving account with one of their own.

According to Kaspersky Lab's Senior Security Researcher David Emm, another advantage cybercriminals have is that they can move about. When they feel the heat is on and investigators are getting close, they can simply change their ISP and their physical location. The geopolitical restrictions on law enforcement agencies work in their favor.
"Botnets are a core component of the threat landscape," said Emm during his presentation at this year's press event for Infosecurity Europe. "And the drop-zone is where they stash the stolen loot." The average size of a drop-zone is about 14GB, but criminals like to be sure that the information their botnet has gathered is safe, so they use several servers in different locations configured to receive and store the stolen information.

The files stashed in the drop-zone are usually JPGs (screen captures), .txt files (containing private information that can be used to steal money), certificates (often sold or misused to sign malware), and .dat files (scripts, server-side programs). The criminals manage their operation similarly to an administrator of a legitimate network. Online C&C panels provide easy management of their bot armies: they allow the criminals to see what's going on and, in case of an emergency, to kill all connections in order to cover their tracks.

They want to manage their network effectively, and such a panel allows them to see the relevant infection statistics, to see where their victims are located, to kill all connections to hide their tracks if the need arises, and much more.

The fight against these criminals has not shown many results so far. Botnets are taken down, only to rise again because of the large number of C&Cs available to herd the bots. Drop-zones are taken down, but new ones appear almost instantly.

Emm believes that there are many things that can be done to mitigate the situation: improved software is being developed constantly, and patching and updating should become a priority. Education and the promotion of the right security mindset could also help.

He pointed out that asking when it is going to stop is not the right question - we don't ask the same thing about "offline", real-world crime because, realistically, it will always be there.
The only thing we can do to minimize our risk as individuals is to develop an online equivalent of common sense.

In another presentation, João Gouveia of AnubisNetworks also broached the topic of Zeus. He says that there are things happening that may give some hope for a successful fight against botnets, such as the Australian Internet Security Initiative and a similar anti-botnet initiative in Germany.
Adobe's PDF format and standard has been known for a while now to be easily exploitable and, thus, rather insecure.