Adobe product exploits on your local computer can compromise your servers

[Brad Mitchell]

I have just sent this to all of our customers and wanted to bring the exploit to the whole community's attention as this is something that can affect everyone at all hosts. Best wishes to all and enjoy your weekend.



Dear Clients,

We have caught something early and fortunately, for 99% of you, this will likely mean that you have not been a victim yet. To give this scenario perspective, in the last week we have identified approximately 3 clients where in the final analysis it was determined this exploit of client side software has been the culprit.

If you are not running the most recently patched versions of Adobe Acrobat and Adobe Flash Player you are at risk for compromising your web sites. A recently discovered vulnerability in this software which runs locally on your computer can lead to malware stealing your FTP credentials with the potential for much more. This poses a significant security risk to your server and web sites, leading to attackers using client FTP credentials to deface web sites and insert malicious code which can exploit things further. Below is a description of the risk from the United States Computer Emergency Readiness Team.

Here are two quick links to update your versions:
http://get.adobe.com/flashplayer/
http://get.adobe.com/reader/

Lastly, please be sure that you are up to date with good antivirus software on your local computer. If you discover by surfing any of your web sites that they have been affected, please enter a support ticket and our team can help to mitigate any damage done and issue new FTP/other credentials. It is crucial that your local software and virus protection be up to date and this unexpected exploit of everyday software is a lesson to everybody about just how fragile things truly can be.

---------------------------------------------------------------------
Information as published on: http://www.us-cert.gov/current/

Gumblar Malware Exploit Circulating
added May 18, 2009 at 12:47 pm

US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc. The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

US-CERT will provide additional information as it becomes available.
---------------------------------------------------------------------


Sincerely,

Brad Mitchell, CEO
MojoHost
888-345-MOJO Toll Free
248-233-2045 International
ICQ #56950199

[SeanLEE]

My computer crashes ten times a day- flash.ocx internet explorer issue

Ive tried and tried and tried- but cant stop it.

I thought it was google virusing the IE browser to compete with Chrome-

But now Im not sure.

Nonetheless- Im about to switch back to my Mac pro-

[Diomed]

I have been fucked up by that adobe one like 10 times now,

I think I have it again.

[Tat2Jr]

First thing to do is get RID of Adobe Reader altogether. Their time between finding a vulnerability and patching it is unacceptable. Use Foxit instead. MUCH more secure, and MUCH faster.

http://www.foxitsoftware.com/pdf/reader/

[rowan]

I've been "saved" from the exploits because I have my browser set up to NOT embed pdfs... instead I get a dialog asking what I'd like to do with XXX.pdf (save, load with default application).

I've loaded at least 3 sites which invoked this dialog, so if it wasn't for that I probably would have been infected.

I think it's time to try something else, foxit looks good...

[rowan]

Adobe reader uninstalled
Foxit installed (gee, talk about prechecked cross sales :D )
Adobe flash uninstalled
Latest version installed

I'm set. :D

[Grapesoda]

Quote:

Originally Posted by SeanLEE

My computer crashes ten times a day- flash.ocx internet explorer issue

Ive tried and tried and tried- but cant stop it.

I thought it was google virusing the IE browser to compete with Chrome-

But now Im not sure.

Nonetheless- Im about to switch back to my Mac pro-

I have the same bullshit with flash...adobe crashes out another computer that I don't use on-line randomly as well

[Grapesoda]

Quote:

Originally Posted by Tat2Jr

First thing to do is get RID of Adobe Reader altogether. Their time between finding a vulnerability and patching it is unacceptable. Use Foxit instead. MUCH more secure, and MUCH faster.

http://www.foxitsoftware.com/pdf/reader/

man you are a life saver!! now is there another way to use flash without adobe?

[Robbie]

Thanks for the info Brad

[Brad Mitchell]

Quote:

Originally Posted by Robbie

Thanks for the info Brad

Sure thing!

Everyone else, great suggestions on product alternatives, etc, keep it coming for the greater good.

Cheers,

Brad

[Agent 488]

adobe is gay.

[Ethersync]

Thanks....

[mynameisjim]

I visited a very popular adult company and they were infected, it loaded a PDF by itself and I got infected. Had to dump the HDD.

I'll never use acrobat again. I'm stuck with flash but Adobe is pretty slow on the patching.

[u-Bob]

thnx, but already removed Acrobat 3 weeks ago when it wouldn't let me install the security updates without the install cd.... :/

[Tat2Jr]

Quote:

Originally Posted by bm bradley

man you are a life saver!! now is there another way to use flash without adobe?

Not that I've heard of. You can use an extension in Firefox called "No Script" that will block all flash until you whitelist it. It also protects against clickjacking (and is the only thing so far that does).

[Brad Mitchell]

Bump for the uninformed..

Brad

[Klen]

Hmm this explain why some trojan site loads pdf when opening.So that means i would be infected if i didnt used foxit.

[AmeliaG]

Wow, that is creepy.

[budz]

<3 noscript

noscript.net

[digifan]

Quote:

Originally Posted by Brad Mitchell

Bump for the uninformed..

Brad

Thanks Brad! I have stopped using Adobe Reader long ago btw, I do not need it at all.

Another bizump.