Information Security News mailing list archives

Sci-fi reviews site hacked to spew malicious PDFs


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Dec 2009 03:03:56 -0600 (CST)

http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/

By Dan Goodin in San Francisco 
The Register
18th December 2009

Hackers on Thursday exploited a vulnerability on Ain't It Cool News that 
redirected anyone visiting the movie review site to a server containing 
a malicious Adobe Reader file.

The attack targeted a vulnerable PHP script on one of AICN's servers 
that automatically appended the malicious link to banner ads served on 
the site, its publisher, Roland De Noie, said. As a result, anyone 
visiting the site over a 90-minute period on Thursday morning was 
silently redirected to speedconnection .cn which served a malicious file 
named annonce.pdf.

The booby-trapped PDF, according to an analysis by researchers at 
Praetorian Prefect, exploited two vulnerabilities in Adobe Reader that 
the company has already fixed. When the file is opened by unpatched 
versions of Reader, it launches malicious shell code that hijacks the 
machine. Only 12 of the 41 major anti-virus programs currently detect 
the trojan, according to this VirusTotal analysis.

In September, Mozilla found that more than half of Firefox users used 
insecure versions of Adobe Flash. It wouldn't be surprising to find a 
similarly large proportion of the population using out-of-date versions 
of Reader, too.

[...]

