Open PDFs with updated Acrobat Reader only, warns Trend Micro


March 16th, 2009

Trojans may exploit an array indexing error in versions 9 and older, thereby opening your computer to a can of worms

New Delhi, March 16, 2009: Trend Micro has warned of a buffer overflow vulnerability in versions 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system. The Trend Micro Security Advisory rated this vulnerability as critical.

The exploit targets a vulnerability in a non-JavaScript function call; however, JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat/Reader.

Trend Micro detects the malware related to this vulnerability in older versions of Adobe Acrobat and Adobe Reader as TROJ_PIDIEF.IN, TROJ_PIDIEF.IP, TROJ_PIDIEF.KO and TROJ_PIDIEF.JB. Explaining how this malware exploits the vulnerability to compromise system security, Mr. Amit Nath, Country Manager – India and SAARC, Trend Micro, says, “For example, the Trojan TROJ_PIDIEF.IN takes advantage of Adobe Vulnerability CVE-2009-0658 – an array indexing error when processing a malformed JBIG2 stream within a PDF document. It could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially-crafted PDF file.” The illustration below shows the detailed behaviour of this Trojan:

Affected Software includes:
· Adobe Acrobat Pro 9.0.0 and earlier versions
· Adobe Acrobat Pro Extended 9.0.0 and earlier versions
· Adobe Acrobat Standard 9.0.0 and earlier versions
· Adobe Reader 9.0.0 and earlier versions

Says Mr. Nath, “Since Acrobat integrates seamlessly with popular web browsers, simply clicking on a seemingly-safe PDF file on a website may be enough to cause Acrobat to load PDF content on your computer. This way, all that an attacker needs to do to exploit these vulnerabilities is to convince gullible users of the (fake) authenticity of the specially-crafted Adobe Portable Document Format (PDF) file and coax them into opening it.”

Trend Micro advises people to refrain from using these products until the appropriate patches have been installed. For Trend Micro users, all detections are currently available in the official pattern, and the company suggests that users keep Trend Micro products up to date with the current pattern.

As of March 10, 2009, Adobe has recommended that users of Adobe Reader and Acrobat 9 update to the latest versions, Adobe Reader 9.1 and Acrobat 9.1. As per the latest available information, updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, are expected to be released by Adobe by March 18. Adobe Reader 9.1 for Unix is also likely to be made available by March 25.
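A coarse triage check for gateways or desktops that still run unpatched readers, added here as an example (it is not Trend Micro's or Adobe's code): it flags PDFs that carry a JBIG2 stream, JavaScript, or both, the combination described in the advisory above. The function names, verdict labels and sample bytes are constructed for this example; `/JBIG2Decode` is the PDF filter name for JBIG2 streams, and its presence alone does not show that a stream is malformed.

```python
import re

# PDF name token: "/" followed by regular characters. Names may hex-escape
# any character as #XX (e.g. /JBIG#32Decode), so normalize before matching.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
WATCHED = (b"JBIG2Decode", b"JavaScript", b"JS", b"ObjStm")


def normalize(name: bytes) -> bytes:
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)


def count_names(data: bytes) -> dict:
    """Count watched names in the raw file; compressed objects are not seen."""
    counts = {w.decode(): 0 for w in WATCHED}
    for m in NAME_RE.finditer(data):
        name = normalize(m.group(1))
        if name in WATCHED:
            counts[name.decode()] += 1
    return counts


def triage(data: bytes) -> str:
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    c = count_names(data)
    jbig2 = c["JBIG2Decode"] > 0
    script = c["JavaScript"] + c["JS"] > 0
    if jbig2 and script:
        return "quarantine"            # both ingredients named in the advisory
    if jbig2:
        return "patched-reader-only"   # disabling JavaScript does not stop the crash
    if script:
        return "review-script"
    if c["ObjStm"]:
        return "inconclusive"          # names may hide inside object streams
    return "no-indicators"


# Constructed sample inputs (not real malware, no stream payloads).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
JBIG2 = PLAIN + b"5 0 obj\n<< /Filter /JBIG#32Decode /Length 0 >>\nendobj\n"
BOTH = JBIG2 + b"6 0 obj\n<< /S /JavaScript /JS 7 0 R >>\nendobj\n"
PACKED = PLAIN + b"3 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("jbig2", JBIG2), ("both", BOTH), ("packed", PACKED)]:
        print(label, triage(blob), count_names(blob))
```

Because the scan works on raw bytes, it can also match name-like sequences inside binary stream data, so treat a hit as a reason to look closer rather than as a detection.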

About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro Smart Protection Network, a next generation cloud-client content security infrastructure designed to protect customers from Web threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.apac.trendmicro.com.

Media Contacts:
Ms Era Singh,
Marketing Manager, Trend Micro
Tel : 011-42699000

R&PM:Edelman
Puneet Khunger (9717022726)
puneet.khunger {at} edelman(.)com




