Adobe 0-day OR Trojan.Pidief.E

Threat type: Vulnerability

Situation Summary

An error, known as a vulnerability has been found in both Adobe Acrobat and Adobe Reader that will allow a criminal to download and run malicious programs onto a target’s computer simply by fooling the user into opening an infected PDF file. Adobe is working on a patch to eliminate the problem. In the meantime, users can reduce their risk by not opening PDF files found on the internet, by turning off JavaScript in their Adobe reader or Adobe Acrobat or by running one of Symantec’s Norton security solutions. Try Norton Internet Security or Norton 360.

What does this threat do specifically?

This is a vulnerability – a weakness that criminal hackers can exploit in many different ways. The specific attacks that we have seen using this vulnerability attempt to download a malicious program called a trojan that among other things may allow the criminal to access files on the victim’s computer, steal keystrokes or remotely control the computer. Details on this Trojan can be found here

Who is at risk?

Anyone who has installed Adobe Acrobat or Adobe Reader and does not have Norton security protection is at risk. You can significantly reduce the risk by turning off JavaScript in your Adobe product.

How do you turn off JavaScript?

Acrobat Reader or Adobe Acrobat
From the menus, select as displayed in the screenshot below:
Edit / Preferences /JavaScript - then uncheck “Enable Acrobat JavaScript”

What to do if you are infected?

Detailed removal instructions for the Trojan mentioned above are available here.

How To Avoid The Threat

1. Run a great security suite.
2. Turn off JavaScript in your Adobe product until a fix is available from Adobe.
3. Keep your computer updated with the latest security patches. If you don’t know how to do this, have someone help you set your system to update itself.
4. Don’t use “free” security scans that pop-up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run.
5. Don’t open files attached to emails or instant messages unless you know exactly why the file was sent to you.
6. Don’t download files from BitTorrent, LimeWire or other peer-to-peer networks. Criminals have learned to use them to distribute viruses, trojans and worms.
7. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
8. Have backups of your computer. If you don’t have a backup solution, consider purchasing a hard drive and using Norton Ghost 14.0.
9. Be smart with your passwords. This includes

   1. Change your passwords periodically
   2. Use complex passwords – no simple names or words, use special characters and numbers
   3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
   4. Use a passwords management system such as Identity Safe (included in Norton Internet Security and Norton 360) to track your passwords and to fill out forms automatically.

10. Use an internet browser with strong security such as Firefox, Opera or IE 8.0.

FAQ

Q: Am I safe if I don’t go to questionable web sites?

A: No. This is a subtle flaw in one of the world’s most widely used file formats. Files from infected web sites are one possible source of infection. Infected PDF files may also be emailed, sent by instant messenger or distributed in many other ways.

Q: How do I know if I am infected?

A: When opening a PDF file you may see your Adobe product close and reopen with a blank PDF file.

Recommended Action

• Make sure your computer is clean with a free Norton Security Scan.
• Try Norton Internet Security or Norton 360.
• Purchase Norton Internet Security or Norton 360.