Site Archives javascript
Malware Infection Methods: Drive-by Downloads
Now that the Internet has been around for some time, users are starting to become more adept at protecting themselves from Web-based threats. Users have learned that certain parts of the Web or Web pages, like advertisements, can pose a security threat and, therefore, will avoid clicking on them. Unfortunately, the malware writers have also noticed the trend and continue to come up with new ways of distributing their malicious applications. The most popular method used for the past year is called Drive-by Downloads. The term Drive-by Download means users become infected simply by surfing an exploited Web page and are completely unaware of the malicious file download occurring in the background. Web browser exploits (such as IE, Firefox, Safari, etc.) and other third party application exploits (such as Adobe Reader, Microsoft Excel, etc.) can potentially allow remote code execution, which can lead to a malicious file download which is completely invisible to the user. Fake pop-ups that look legitimate, often cleverly masqueraded as anti-virus solutions, are also a popular method of tricking a user into either clicking on the pop-up to close it or following the instructions on the pop-up, both of which result in malicious file downloads.
Adobe Releases Patch for Critical Acrobat Vulnerability
GSA Reference Number: AD090513-01
Simply Put: Adobe has released a patch for the critical vulnerability affecting its Acrobat products. This vulnerability was previously discussed in Gladiator Advisory AD090430-01 on April 30th, stating that all versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability.
Critical Adobe Reader And Acrobat JavaScript Vulnerability
GSA Reference Number: AD090430-01
Simply Put: All versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability. Currently, Adobe has not released a patch for this issue. Gladiator recommends disabling JavaScript in Adobe Reader and Adobe Acrobat to help mitigate the issue.
Critical Adobe Patch Released
GSA Reference Number: AD090311-01
Replaces GSA Reference Number: AD090220-01
Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain a critical vulnerability that allows arbitrary code execution. This issue is currently being exploited. Adobe has released a patch for Acrobat 9 and Reader 9. However, earlier versions of the product remain unpatched. Gladiator recommends upgrading all Adobe installations to version 9.1 if possible.
New Adobe Acrobat and Reader Vulnerability
GSA Reference Number: AD090220-01
Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain an unpatched critical vulnerability that allows arbitrary code execution. Adobe has released an advisory on this issue, but a patch will not be released until March 11th. A workaround has been published that will prevent code execution, but the application will still crash.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007