Join        Login             Stock Quote

Malware creeping into portable documents

Tuesday, December 13, 2011 1:13 PM

WASHINGTON, Dec. 13 (UPI) -- Malware designed to damage computer systems is being secreted into portable documents, commonly known as PDF, by cybercriminals whose efforts usually are thwarted by antivirus software.

Defense analysts cited in online commentaries said the PDF attacks were aimed at corporate and government institutions and were part of sophisticated schemes aimed at extracting information from systems otherwise thought to be firewalled and secure.

Several corporate sources confirmed defense organizations were targeted in the attacks which appeared to be well-funded and could come from an unknown country or corporate entity.

News of the latest cyberthreat coming through PDF files followed warnings from computer software company Symantec, comments from defense manufacturer Lockheed Martin and software provider Adobe that acknowledged the risk.

Cyber-criminals trying to take advantage of the alleged weakness in Adobe's PDF reading and editing software use a well-known family of malware called Sykipot, Symantec said.

The attackers aim the malicious code at so called zero-day vulnerabilities that as yet haven't been reported by security experts or software makers, CRN said on its Web site. The attackers also hit PDF as a common business application hoping that many users wouldn't have kept up with the latest security patches.

Before the risks to PDF files came to light, computer users worldwide were made aware of risks in opening attachments of texts or graphics written in Microsoft Word, Excel and other word and image applications.

On Dec. 1, Symantec reported a high volume of e-mail carrying Sykipot malware aimed at Acrobat Reader and Acrobat editing software. The attackers sent the messages mostly to high-ranking executives who could have sensitive or strategic information on their computer networks.

The attacks were able initially to send commands to targeted computers to gather system and network information and determine whether a computer system was worth hacking into. The attackers were also able to customize commands to exfiltrate the information.

Symantec said cyberattackers were behind a March 2010 attack on a zero-day vulnerability in Microsoft Internet Explorer. Persistence of the attacks indicated that the cybercriminals may be scoring successes along the way, the company said.

Adobe was apparently alerted to the risk by Lockheed Martin and the Defense Security Information Exchange, a group of major defense contractors that share information about computer attacks.

DSIE includes companies that are part of the so-called the "Defense Industrial Base," some of the largest U.S. defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt and Whitney and Raytheon, Computerworld said.

Symantec published an image of a redacted email of the attack's bait -- the promise of a 2012 guide to policies on new contract awards -- that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The Sykipot malware encrypts the pilfered data after it has been retrieved from the victimized firm but while it is still stored on the company's network, as well as when it's transmitted to a hacker-controlled server.

Symantec said the same group of hackers who launched the attacks against IE6 and IE7 in 2010 were also responsible for Reader-based attacks since November.

(Source: UPI )
(Source: Quotemedia)


Fundamental data is provided by Zacks Investment Research, and Commentary, news and Press Releases provided by YellowBrix and Quotemedia.
All information provided "as is" for informational purposes only, not intended for trading purposes or advice. iStockAnalyst.com is not an investment adviser and does not provide, endorse or review any information or data contained herein.
The blog articles are opinions by respective blogger. By using this site you are agreeing to terms and conditions posted on respective bloggers' website.
The postings/comments on the site may or may not be from reliable sources. Neither iStockAnalyst nor any of its independent providers is liable for any informational errors, incompleteness, or delays, or for any actions taken in reliance on information contained herein. You are solely responsible for the investment decisions made by you and the consequences resulting therefrom. By accessing the iStockAnalyst.com site, you agree not to redistribute the information found therein.
The sector scan is based on 15-30 minutes delayed data. The Pattern scan is based on EOD data.