• 0Day Attack – Adobe Reader

    #464888

    Earlier today a new PDF icon appeared on my desktop.
    Hovering brought up the following:

    Nine Free Programs Ebook-2E
    Type: Adobe Acrobat Reader
    Date Modified: 26/11/2009
    Size: 2.45 MB

    I have no idea how the icon got there but I had recently
    updated my Adobe Reader, and may have clicked on it
    and downloaded what I thought was a further update.
    I don’t remember.

    Only afterwards did I read the warning on Woody’s website
    about the 0Day attack – Adobe Reader.

    If this icon represents that threat, how do I get rid of it, as well as
    get rid of whatever I may have downloaded?

    Has anyone else had a run-in with this?

    Addendum: I just noticed that my AVG email protection is marked
    NOT ACTIVE and I can’t seem to download an update.

    • #1192064

      Usually, a new attack vector is used to install well known malware, so your usual anti-malware scans are the first step.

      == Edit ==

      If AVG is not working, try using the online HouseCall scanner (use IE if possible):

      http://housecall.trendmicro.com/

      Also grab: Malwarebytes Anti-malware.

      • #1192429

        Usually, a new attack vector is used to install well known malware, so your usual anti-malware scans are the first step.

        == Edit ==

        If AVG is not working, try using the online HouseCall scanner (use IE if possible):

        http://housecall.trendmicro.com/

        Also grab: Malwarebytes Anti-malware.

        Thank you, jscher2000. I was assuming it was something new but rereading Woody’s
        warning, I see it’s been around before.

        AVG was working, but for some reason the email component had disappeared — which
        I finally managed to get back. A total drive AVG scan found nothing.

        I’m not familiar with the online HouseCall scanner. Does that mean that they do
        the scan on your computer directly from their site?

        I’ll also look into Malwarebytes. Is it a separate AV program or can it run in
        concert with AVG?

        Thanks again for your input.

        • #1192584

          I’m not familiar with the online HouseCall scanner. Does that mean that they do the scan on your computer directly from their site?

          The site uses an ActiveX control (IE) or Java applet (other browsers), so you don’t need to pre-install any software. However, your hard drive is not uploaded to the site.

          I’ll also look into Malwarebytes. Is it a separate AV program or can it run in
          concert with AVG?

          It is an on-demand scanner, so it does not conflict with real-time scanners.

          • #1194017

            The site uses an ActiveX control (IE) or Java applet (other browsers), so you don’t need to pre-install any software. However, your hard drive is not uploaded to the site.

            It is an on-demand scanner, so it does not conflict with real-time scanners.

            I’ll check both of these out. Thanks for the info.

    • #1192127

      Are you sure you didn’t download that one from Windows Secrets? I’m sure several people have a similar file from around that date.

      But of course, do scan everything you download and use.

      • #1192434

        Are you sure you didn’t download that one from Windows Secrets?
        I’m sure several people have a similar file from around that date.

        But of course, do scan everything you download and use.

        Good question. I recall Windows Secrets offering something or other
        but I’m almost certain I didn’t download anything because I was strapped
        for time and there were 3 or 4 other unread Windows Secrets issues, only
        one of which I looked at. They are still unread. I’ll check the one
        I did look at.

        === UPDATE: You have a good memory for dates. I checked the 26 November
        issue of Windows Secrets — the same date on the PDF icon on my desktop —
        and the download offer was for excerpts from a book on Windows-7. I’m
        XP so I certainly didn’t download it. ===

        There’s another anomaly. On the net yesterday, almost every site I went to
        had a pop-up that said something like:

        This website would like you to download Adobe flash reader.

        ===EDIT=== That should be: “Adobe Flash Player Installer”

        I would say that this happened at least 10 times. Even more unusual since I have
        all pop-ups blocked.

        I’m still confused. Exactly what is the 0day attack anyway?

    • #1194038

      Earlier today a new PDF… snip

      As Argus pointed out, this is in all probability a download from the Windows Secrets site. Here is a graphic from Windows Secrets from that time period:

    • #1194126

      Thanks, Paul, for putting it so graphically, and bad on me for not paying more attention
      to my very own post — which does exactly quote the image.

      Mystery solved. At least the mystery of what it is. The mystery
      of how it got there is still up in the air, because I very rarely download anything without
      checking it out first. However, one can never negate the factor of a little
      early holiday cheer.

      Apologies to Argus, who got it right the first time round, and holiday cheers to all.
