Cyber criminals are actively exploiting a highly critical vulnerabilty in Adobe Flash to infest consumer and business computers with malware that does serious financial harm. The antivirus and antispyware software on most computers will not protect them from this threat. All computer users should either disable Adobe Flash or use advanced computer protection software that does not depend on signature-based technology. For most computers, advanced computer protection software that stops this and future attacks means adding additional security software.

Adobe Flash operates either as a standalone or as a helper to many other applications such as Internet Explorer, Firefox, Chrome, Adobe Acrobat, Adobe Reader, and many other applications. Adobe Reader and web browser users are known to be under attack via compromised web pages or poisoned PDF documents. Reports from reputable sources confirm attacks are underway using both of these vectors.

Security conscious computer users are no doubt leary about opening PDF documents from unknown email senders or websites. However, that ounce of prevention is about a pound short. We open PDF documents that our friends, family, and peers refer to us. If their computer has been infested without their knowing it, then any PDF on their computer may have been secretly poisoned. Similarly, cyber criminals have been systematically compromising legitimate websites by infesting the personal computers that the webmasters who maintain the legitimate websites use. So, 100,000’s of legitimate websites are serving or indirectly serving tainted web pages and poisoned PDF documents. In short, every website and PDF document must ultimately be regarded as a threat that signature-based security software cannot detect.

Other Adobe Flash attack vectors are probable. The nature of the Adobe Flash vulnerability is such that other application or document vehicles can be used to exploit this to do very serious harm. Alternative PDF readers such as Foxit may also be used to exploit this vulnerability, however, there are no reports substantiating that possibility. Any of the numerous applications that quietly leverage Adobe Flash functionality can theoretically be used by attackers.

Windows XP computers are most at risk. Windows Vista computers with UAC (universal access control) are protected from drive-by versions of the attack, provided end-users click on the correct button on the UAC prompt window. Linux and Mac computers are theoretically vulnerable too. There are no confirmed reports of exploits on these operating systems.

Just look at the different and recent endpoint security articles in this blog and you’ll get a sense for how aggressive and pervasive cyber criminals have become. They want what you have.

AppGuard and EdgeGuard Protect Computers from Adobe Flash and Other Attacks

These Adobe Flash attacks are just the latest example of what AppGuard and EdgeGuard protect their users from. In fact, we haven’t seen a software application vulnerability in 2009, and there have been a lot, that AppGuard or EdgeGuard would not stop cold. One should also note that roughly 90% of malware attacks attempt to exploit a vulnerability in a software application rather than an operating system component. If you’re interested in understanding how this technology works, check out this white paper on AppGuard and EdgeGuard zero-day protection technology. If you’d like to see a video of AppGuard protection in action by a 3rd party, check this out.

Posted: Thursday, July 23rd, 2009 - Endpoint Security
RSS 2.0 - Comment - Trackback