Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.


ISSUE NO. 66
JUNE 21, 2010

Zero-Day Adobe Flash Player Exploits in a Flash
Apart from ensuring that the threat landscape is consistently thriving, cybercriminals can also be depended on to jump at every single opportunity
that arises. Zero-day vulnerabilities are no exception. Developers face the challenge of releasing updates before exploit attacks proliferate in the
wild. Every time a software vulnerability is made public, users can expect cybercriminals to use it to their advantage faster than developers can
say “patch.”

The Threat Defined
Security experts face an interesting scenario every time a zero-day vulnerability is disclosed. There are
always two possibilities: developers fix the flaw before any major issue arises, or cybercriminals get the
opportunity to spread malware via exploits for the vulnerability, leaving developers with the task of cleaning up
the mess the attackers leave behind.
The recent zero-day exploit is a good example of the latter scenario. By the time Adobe released a security advisory
about a Flash Player vulnerability, a zero-day exploit had already been found. Tagged as critical, the vulnerability
(CVE-2010-1297) causes the application to crash and can allow remote attackers to execute malicious code on an
affected system.
Exploits in a Flash
As evidenced by this and many other zero-day exploit attacks, cybercriminals waste no time in taking advantage of
vulnerable users. In this particular scheme, spammers sent email messages with an .SWF file embedded in a .PDF
file attachment. Opening the attached file executes the .SWF file, which in turn exploits the Adobe Flash Player
vulnerability.

Figure 1. Adobe Flash Player vulnerability exploit infection diagram

The vulnerability exists in the 10.0.x and 9.0.x versions of Flash Player, including the current version (10.0.45.2).
Furthermore, the vulnerable component, authplay.dll, is also used by Adobe’s PDF products. Consequently, Acrobat
and Reader 9.3.2 and earlier versions of the 9.x family are also affected. Acrobat and Reader 8.x versions are not
affected.
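One way to screen incoming PDF attachments for the delivery vector described above (an .SWF file carried inside a .PDF). This is an added example, not code from the original bulletin or from Trend Micro; it uses only the Python standard library, and the PDF it scans is a constructed sample, not the actual malicious attachment.

```python
"""Scan a PDF for embedded Flash (SWF) content, the delivery vector described above."""
import re
import zlib

# SWF files start with one of three signatures: uncompressed, zlib-compressed, LZMA-compressed
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")

# Dictionary keys that signal Flash is wired into the document
SUSPICIOUS_KEYS = (b"/RichMedia", b"/Flash", b".swf", b"/EmbeddedFile")

_OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.DOTALL)
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode_stream(dictionary: bytes, raw: bytes) -> bytes:
    """Inflate FlateDecode streams so a compressed SWF payload is still visible."""
    if b"/FlateDecode" in dictionary:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw  # corrupt or multi-filter stream: fall back to the raw bytes
    return raw


def scan_pdf(data: bytes):
    """Return (object number, reason) findings for every object that carries SWF
    content or references the Flash/RichMedia machinery."""
    findings = []
    for m in _OBJ_RE.finditer(data):
        objnum, body = int(m.group(1)), m.group(3)
        sm = _STREAM_RE.search(body)
        dictionary = body[: sm.start()] if sm else body
        for key in SUSPICIOUS_KEYS:
            if key in dictionary:
                findings.append((objnum, f"dictionary contains {key.decode()}"))
        if sm:
            payload = _decode_stream(dictionary, sm.group(1))
            if payload[:3] in SWF_MAGIC:
                findings.append((objnum, f"stream starts with SWF magic {payload[:3].decode()}"))
    return findings


def has_embedded_swf(data: bytes) -> bool:
    """True when at least one stream in the PDF is an SWF file."""
    return any("SWF magic" in reason for _, reason in scan_pdf(data))


def build_sample_pdf() -> bytes:
    """Constructed sample: a PDF skeleton with a RichMedia annotation and a
    Flate-compressed embedded-file stream whose body is a fake SWF header."""
    fake_swf = b"CWS" + bytes([10]) + b"\x00" * 12  # signature + version byte + padding, not a real SWF
    compressed = zlib.compress(fake_swf)
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj",
        b"4 0 obj << /Type /Annot /Subtype /RichMedia /RichMediaContent 5 0 R >> endobj",
        b"5 0 obj << /Type /EmbeddedFile /Filter /FlateDecode /Length "
        + str(len(compressed)).encode()
        + b" >>\nstream\n" + compressed + b"\nendstream\nendobj",
    ]
    return b"%PDF-1.7\n" + b"\n".join(objs) + b"\n%%EOF\n"


if __name__ == "__main__":
    for objnum, reason in scan_pdf(build_sample_pdf()):
        print(f"obj {objnum}: {reason}")
```

The scanner flags the sample on both the RichMedia annotation and the inflated SWF signature; on real mail it would run on attachments before they reach a user's Reader.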
Opening Doors to Malware
Vulnerability exploits typically lead not just to one malware infection but to several infections at the same time. In
this attack, Trend Micro detects the malicious files exploiting the vulnerability as TROJ_PIDIEF.WX. Once installed on a
system, the Trojan connects to a malicious website to download a file detected as TROJ_SMALL.WJX, which, in
turn, drops a file detected as BKDR_PDFKA.W.
Because of its routines, the backdoor exposes users not only to information theft but also to involvement in
cybercriminals’ money-making schemes. More specifically, BKDR_PDFKA.W collects system information
such as installed applications and IP configuration. It is likewise capable of downloading files from the Web and
executing them on the affected system. As a result, the compromised machine can be used in the pay-per-install (PPI)
schemes that cybercriminals often rely on to spread malware and to build botnets.

User Risks and Exposure
Given the speed with which cybercriminals exploit vulnerabilities, users are constantly victims in the making. It does
not help that patching systems is a tiresome and time-consuming task for small businesses, and even more so for
enterprises that need to manage many systems.

In this attack, users face the added challenge of dealing with several vulnerable applications at once. Since the
malicious files exploit the vulnerable component shared by Adobe Flash Player, Acrobat, and Reader, users should
patch all three applications and make sure none of them is left vulnerable.
In the end, it is still best to enable automatic updates whenever possible and to ensure that systems are
consistently updated with the latest vendor-released patches. Since the threats in this attack arrive via spammed
messages, users are likewise advised to exercise discretion when opening email messages and when downloading
and executing file attachments. Users should always be on the lookout for unsolicited email messages, dubious-
sounding senders, and meaningless word salad. Such messages should be deleted immediately, since spammers
sometimes use invisible links that can inadvertently lead users to malicious websites.

Trend Micro Solutions and Recommendations
Trend Micro™ Smart Protection Network™ delivers security infrastructure that is smarter than conventional
approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network™ is a cloud-client
content security infrastructure that automatically blocks threats before they reach you. A global network of threat
intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive
protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly
grow, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall
protection against data breaches, damage to business reputation, and loss of productivity.
In this attack, Smart Protection Network’s email reputation service blocks all emails related to this spam run. File
reputation service detects and prevents the download of malicious files detected as TROJ_PIDIEF.WX,
TROJ_SMALL.WJX, and BKDR_PDFKA.W. The Web reputation service likewise prevents access to the malicious
sites.
Users are also advised to upgrade to the latest Flash Player version, which Adobe announced in this security
bulletin. Meanwhile, updates for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh, and UNIX are expected
to be released by June 29, 2010. As a workaround, users can manually delete the vulnerable component,
authplay.dll. Once it is deleted, Flash content embedded in .PDF files can no longer be opened; users may see a
crash or an error message, but the exploit will not be triggered.
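A small triage routine, added here and not part of the original bulletin or of any Trend Micro tool, that encodes the affected ranges stated on this page (Flash Player 9.0.x and 10.0.x, with 10.0.45.2 current; Acrobat and Reader 9.x up to 9.3.2; 8.x unaffected) and turns a constructed host inventory into the action the bulletin prescribes: update Flash Player, or apply the authplay.dll workaround until the Reader/Acrobat update ships. Version strings such as 10.1.0.0 and 9.0.100.0 in the sample inventory are constructed placeholders, not Adobe release numbers.

```python
"""Triage an inventory of Adobe installs against the affected ranges in this bulletin."""
from typing import Dict, Iterable, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'9.3.2' -> (9, 3, 2); tuples compare lexicographically, which is what we need."""
    return tuple(int(part) for part in version.strip().split("."))


def flash_affected(version: str) -> bool:
    """Flash Player 9.0.x and 10.0.x are affected (10.0.45.2 was current at the time)."""
    return parse_version(version)[:2] in ((9, 0), (10, 0))


def reader_affected(version: str) -> bool:
    """Acrobat/Reader 9.x up to and including 9.3.2 are affected; 8.x is not."""
    v = parse_version(version)
    return v[0] == 9 and v <= (9, 3, 2)


def recommended_action(product: str, version: str) -> str:
    """Map one installed product to the action the bulletin prescribes."""
    if product == "flash":
        return "update Flash Player" if flash_affected(version) else "not affected"
    if product in ("reader", "acrobat"):
        if not reader_affected(version):
            return "not affected"
        # No vendor fix for 9.x at the time of the bulletin (expected by June 29, 2010);
        # the interim workaround is removing authplay.dll, which disables Flash inside PDFs.
        return "apply workaround: remove authplay.dll, then install the vendor update when released"
    raise ValueError(f"unknown product: {product!r}")


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Inventory rows are (host, product, version); returns only the hosts that need work."""
    todo: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        action = recommended_action(product, version)
        if action != "not affected":
            todo.setdefault(host, []).append(f"{product} {version}: {action}")
    return todo


# Constructed sample inventory; 10.1.0.0 and 9.0.100.0 are placeholders, not Adobe builds.
SAMPLE_INVENTORY = [
    ("ws-01", "flash", "10.0.45.2"),   # current build named in the bulletin: affected
    ("ws-01", "reader", "9.3.2"),      # latest 9.x at the time: affected
    ("ws-02", "flash", "10.1.0.0"),    # outside the 9.0/10.0 branches: not affected
    ("ws-02", "acrobat", "8.2.0"),     # 8.x is explicitly not affected
    ("ws-03", "reader", "9.1.0"),      # older 9.x: affected
    ("ws-03", "flash", "9.0.100.0"),   # 9.0.x branch: affected
]

if __name__ == "__main__":
    for host, actions in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host)
        for action in actions:
            print("  -", action)
```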
Trend Micro Deep Security and Trend Micro OfficeScan already protect business users against the Adobe
authplay.dll remote code execution vulnerability via the Intrusion Defense Firewall (IDF) plug-in, provided their
systems are updated with IDF rule number 1004202.
Non-Trend Micro product users may also benefit from using free tools like eMail ID, a browser plug-in that helps
users identify legitimate email messages in their inboxes.

The following post at the TrendLabs Malware Blog discusses this threat:
http://blog.trendmicro.com/zero-day-flashacrobat-exploit-seen-in-the-wild/

The virus reports are found here:
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PIDIEF.WX
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.WJX
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PDFKA.W

Other related posts are found here:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
http://blog.trendmicro.com/?s=zero-day
http://en.wikipedia.org/wiki/Compensation_methods#Pay-per-install_.28PPI.29
http://blog.trendmicro.com/spotlighting-the-botnet-business-model/
http://get.adobe.com/flashplayer/
http://www.adobe.com/support/security/bulletins/apsb10-14.html

 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Web Threat Spotlight Issue 66: Zero-Day Adobe Flash Player Exploits in a Flash

Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.

ISSUE NO. 66
JUNE 21, 2010

Zero-Day Adobe Flash Player Exploits in a Flash

Apart from ensuring that the threat landscape is consistently thriving, cybercriminals can also be depended on to jump at every single opportunity that arises. Zero-day vulnerabilities are no exception. Developers face the challenge of releasing updates before exploit attacks proliferate in the wild. Every time a software vulnerability is made public, users can expect cybercriminals to use it to their advantage faster than developers can say “patch.”

The Threat Defined

Security experts are faced with an interesting scenario every time a zero-day vulnerability is disclosed. There are always two possibilities—developers will effectively fix the flaw before any major issue arises, or cybercriminals will get an opportunity to spread malware via vulnerability exploits and developers are left with the task of cleaning up the mess they leave behind.

The recent zero-day exploit is a good example of the latter scenario. When Adobe released a security advisory about a Flash Player vulnerability, a zero-day exploit had already been found. Tagged as critical, the vulnerability (CVE-2010-1297) causes the application to crash and can allow remote users to execute malicious code on an affected system.

Exploits in a Flash

As evidenced by this and many other zero-day exploit attacks, cybercriminals waste no time in taking advantage of vulnerable users. In this particular scheme, spammers sent email messages with an .SWF file embedded in a .PDF file attachment. Opening the attached file executes the .SWF file, which, in turn, results in exploitation of the Adobe Flash Player vulnerability. The vulnerability currently exists in 10.0.x and 9.0.x versions of Flash, including the current version (10.0.45.2).

Figure 1. Adobe Flash Player vulnerability exploit infection diagram

Furthermore, authplay.dll, the vulnerable component, is also used by Adobe’s PDF products. Consequently, Acrobat and Reader 9.3.2 and earlier versions in the 9.x family are also affected. Acrobat and Reader 8.x versions are not affected.

Opening Doors to Malware

Vulnerability exploits typically lead not just to one malware infection but to several infections at the same time. In this attack, Trend Micro detects malicious files exploiting the vulnerability as TROJ_PIDIEF.WX. Once installed on a system, the Trojan connects to a malicious website to download a file detected as TROJ_SMALL.WJX, which, in turn, drops a file detected as BKDR_PDFKA.W.

Because of its routines, the backdoor leaves users susceptible not just to information theft but to involvement in cybercriminals’ money-making schemes as well. More specifically, BKDR_PDFKA.W collects system information such as installed applications and IP configurations. It is likewise capable of downloading files from the Web and executing these on an affected system. As a result, the compromised machine can be used for pay-per-install (PPI) schemes that cybercriminals often use to spread malware and to build botnets.

User Risks and Exposure

Given the speed with which cybercriminals exploit vulnerabilities, users are constantly victims in the making. It does not help either that patching systems is a tiresome and time-consuming task for small businesses, and even more so for enterprises that need to manage several systems.

1 of 2 – WEB THREAT SPOTLIGHT

In this attack, users face the added challenge of dealing with several vulnerable applications at once. Since the malicious files exploit vulnerabilities in Adobe Flash Player, Acrobat, and Reader, users should be sure to patch all these applications and make sure they do not leave any of them vulnerable. In the end, it is still best to enable automatic updates whenever possible and to ensure that systems are consistently updated with the latest vendor-released patches.

Since the threats in this attack arrive via spammed messages, users are likewise advised to practice discretion when opening email messages and when downloading and executing file attachments. Users should always be on the lookout for unsolicited email messages, dubious-sounding senders, and meaningless word salad. Such messages should be immediately deleted since spammers sometimes utilize invisible links that can inadvertently lead users to malicious websites.

Trend Micro Solutions and Recommendations

Trend Micro™ Smart Protection Network™ delivers security infrastructure that is smarter than conventional approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network™ is a cloud-client content security infrastructure that automatically blocks threats before they reach you. A global network of threat intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly grows, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall protection against data breaches, damage to business reputation, and loss of productivity.

In this attack, Smart Protection Network’s email reputation service blocks all emails related to this spam run. File reputation service detects and prevents the download of malicious files detected as TROJ_PIDIEF.WX, TROJ_SMALL.WJX, and BKDR_PDFKA.W. The Web reputation service likewise prevents access to the malicious sites.

Users are also advised to upgrade to the latest Flash Player version, which Adobe has announced in this security bulletin. Meanwhile, updates for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh, and Unix are expected to be released by June 29, 2010.

As a workaround, users can manually delete the vulnerable component, authplay.dll. However, when this is done, Flash content within .PDF files cannot be opened. Users may see a crash or error message, but this will not trigger the exploit.

Trend Micro Deep Security and Trend Micro OfficeScan already protect business users against the Adobe product authplay.dll remote code execution vulnerability via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with IDF rule number 1004202.

Non-Trend Micro product users may also benefit from using free tools like eMail ID, a browser plug-in that helps users identify legitimate email messages in their inboxes.

The following post at the TrendLabs Malware Blog discusses this threat:
http://blog.trendmicro.com/zero-day-flashacrobat-exploit-seen-in-the-wild/

The virus reports are found here:
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PIDIEF.WX
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.WJX
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PDFKA.W

Other related posts are found here:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
http://blog.trendmicro.com/?s=zero-day
http://en.wikipedia.org/wiki/Compensation_methods#Pay-per-install_.28PPI.29
http://blog.trendmicro.com/spotlighting-the-botnet-business-model/
http://get.adobe.com/flashplayer/
http://www.adobe.com/support/security/bulletins/apsb10-14.html
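The delivery vector described under "Exploits in a Flash" (an .SWF file embedded in a .PDF attachment) and the advice under "User Risks and Exposure" to treat file attachments with care lend themselves to a structural check at the mail gateway that does not depend on a signature for TROJ_PIDIEF.WX. The Python script below is an added example, not part of this newsletter and not code from Trend Micro or Adobe. It flags a PDF that carries Flash content by looking for the SWF file signatures (FWS, CWS, ZWS, each followed by a version byte and a length) both in the raw file and inside FlateDecode-compressed streams, and for the PDF dictionary keys that introduce Flash (/RichMedia, /Flash) or an .swf file name. The three sample PDFs are constructed inline for the demonstration and are not complete, renderable PDFs (no cross-reference table); the function names and the sanity bounds on the SWF version byte and length are my own choices.

```python
import re
import zlib

# SWF file signatures: uncompressed, zlib-compressed and LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

# PDF dictionary keys and file names that introduce Flash content
# (Acrobat 9 RichMedia annotations, Flash-typed rich media, .swf names).
FLASH_MARKERS = (b"/RichMedia", b"/Flash", b".swf", b".SWF")

# A stream object: its dictionary (never crossing ">>") followed by the body.
_STREAM_RE = re.compile(rb"<<((?:(?!>>).)*)>>\s*stream\r?\n(.*?)endstream", re.DOTALL)


def find_swf_headers(data: bytes) -> list:
    """Return offsets of plausible SWF headers in a byte string.

    A real header is magic (3 bytes) + version (1 byte) + uncompressed length
    (4 bytes, little-endian). Requiring a sane version and length removes most
    false positives from the three-letter magic occurring in random binary data.
    The bounds (version 1..50, length >= 8) are an assumption of this example."""
    hits = []
    for magic in SWF_MAGICS:
        start = 0
        while True:
            idx = data.find(magic, start)
            if idx < 0:
                break
            hdr = data[idx:idx + 8]
            if len(hdr) == 8:
                version = hdr[3]
                length = int.from_bytes(hdr[4:8], "little")
                if 1 <= version <= 50 and 8 <= length <= 0x7FFFFFFF:
                    hits.append(idx)
            start = idx + 1
    return sorted(hits)


def _inflated_streams(data: bytes):
    """Yield decompressed bodies of FlateDecode streams, skipping corrupt ones."""
    for m in _STREAM_RE.finditer(data):
        if b"/FlateDecode" not in m.group(1):
            continue
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'.
            body = zlib.decompressobj().decompress(m.group(2))
        except zlib.error:
            continue
        yield body


def scan_pdf_for_flash(data: bytes) -> dict:
    """Report Flash indicators in a PDF; 'suspicious' means quarantine/inspect."""
    if not data.startswith(b"%PDF"):
        raise ValueError("not a PDF file")
    found = {m.decode() for m in FLASH_MARKERS if m in data}
    raw_hits = find_swf_headers(data)
    inflated_hits = 0
    for body in _inflated_streams(data):
        inflated_hits += len(find_swf_headers(body))
        found.update(m.decode() for m in FLASH_MARKERS if m in body)
    return {
        "markers": sorted(found),
        "raw_swf_headers": len(raw_hits),
        "inflated_swf_headers": inflated_hits,
        "suspicious": bool(found or raw_hits or inflated_hits),
    }


def _minimal_pdf(extra_objects: bytes) -> bytes:
    # Constructed sample scaffold: enough structure for the scanner, not a full PDF.
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            + extra_objects + b"%%EOF\n")


# Constructed sample 1: RichMedia annotation carrying an uncompressed fake SWF.
FAKE_SWF = b"FWS" + bytes([10]) + (64).to_bytes(4, "little") + b"\x00" * 56
SAMPLE_RICHMEDIA = _minimal_pdf(
    b"3 0 obj\n<< /Type /Annot /Subtype /RichMedia /RichMediaContent 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /EmbeddedFile /Length " + str(len(FAKE_SWF)).encode()
    + b" >>\nstream\n" + FAKE_SWF + b"\nendstream\nendobj\n")

# Constructed sample 2: the same SWF hidden in a FlateDecode stream, no telltale keys.
COMPRESSED = zlib.compress(FAKE_SWF)
SAMPLE_FLATE = _minimal_pdf(
    b"3 0 obj\n<< /Length " + str(len(COMPRESSED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + COMPRESSED + b"\nendstream\nendobj\n")

# Constructed sample 3: a plain text page with nothing suspicious.
_TEXT = b"BT /F1 12 Tf 72 720 Td (Quarterly report) Tj ET"
SAMPLE_CLEAN = _minimal_pdf(
    b"3 0 obj\n<< /Length " + str(len(_TEXT)).encode()
    + b" >>\nstream\n" + _TEXT + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for name, pdf in (("richmedia", SAMPLE_RICHMEDIA), ("flate", SAMPLE_FLATE), ("clean", SAMPLE_CLEAN)):
        print(name, scan_pdf_for_flash(pdf))
```

The second sample is the reason the scanner inflates streams: a Flash payload tucked into a compressed stream shows none of the /RichMedia or .swf markers in the raw bytes. The check is deliberately conservative in the other direction as well: Reader 9 supports RichMedia legitimately, so a hit is a reason to hold the attachment for inspection or to strip it, not proof of exploitation. Other stream filters (LZWDecode, ASCIIHex), object streams and encrypted PDFs are outside what this example handles.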