DarkFiber Consulting – IT Managed Services

Adobe Reader Exploit Circulating

November 7th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of active exploitation of a recent Adobe Reader vulnerability. This exploit appears to arrive in the form of a maliciously crafted PDF file and leverages the JavaScript buffer overflow vulnerability addressed in Adobe Security Bulletin APSB08-19. Successful exploitation may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Additionally, the reports indicate that this exploit is currently undetectable by common antivirus applications.

DarkFiber Consulting encourages users and administrators to do the following to help mitigate the risk:

  • Review Adobe Security Bulletin APS08-19 and update to Adobe Reader 9.
  • Use caution when opening untrusted files.
  • Install antivirus software and keep the virus signatures up to date.

Fake Antivirus Software Circulating

September 16th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports indicating an increase in the instances of fake antivirus software circulating. These software applications are malicious code, not legitimate antivirus applications. These instances of malicious code are noted as being distributed through spam email messages containing malicious links, instant messages containing malicious links, private messages on social networking sites, infection from other malware, and from visiting compromised websites.

Quite often, this malware attempts to convince users that there is something wrong with their systems. This leads to an attempt persuade the users into purchasing an illegitimate antivirus application. If the user purchases the bogus software, the attacker may be able to obtain personal and credit card information for use in additional scams and fraudulent activity.

DarkFiber Consulting encourages users to perform the following preventative measures to help mitigate the risks:

  • Install legitimate antivirus software from a trusted vendor, and keep its virus signature files up-to-date.
  • Do not follow unsolicited web links found in email messages or instant messages.
  • Use caution when visiting untrusted websites.
  • Do not install untrusted software.