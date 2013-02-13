| BOSTON
BOSTON Feb 13 Adobe Systems Inc is
investigating a report by a cybersecurity firm that hackers
exploited previously unknown bugs in its Reader and Acrobat
software to launch sophisticated attacks on personal computers.
FireEye, a Silicon Valley company that helps businesses
fight cyber attacks, told Reuters it obtained so-called PDF
files tainted with malicious software, which can take advantage
of the newly discovered bugs.
It declined to identify any victims of the attacks.
A spokeswoman for Adobe said that the company is
investigating the report, which surfaced late on Tuesday. She
declined to elaborate.
This has been a busy year so far for Adobe's security team.
In January, the company pushed out security updates to fix
vulnerabilities in Reader, Acrobat and Flash, as well as a
program known as ColdFusion that is used to build websites.
Last week, it rushed out a fix for Flash Player after
security software maker Kaspersky Lab identified a critical bug
that enabled hackers to install "back doors" and take control of
PCs running on Microsoft Corp's Windows operating
system or Apple Inc's Mac OS X.
Adobe's software has long been a popular target for hackers,
who attack PCs by finding bugs in widely used programs that they
can then exploit to insert viruses on computers. Experts
estimate that Reader and Acrobat programs for accessing PDF
documents and Flash Player for accessing Internet content are
installed on more than 1 billion PCs.
Hackers exploiting the most recently discovered
vulnerability use PDF files to infect PCs, according to FireEye.
When the victim opens the PDF, a visa application form
appears onscreen, and a virus installs a covert communications
channel with a remote computer known as a "command and control"
server, which hackers use to control infected PCs, said Zheng
Bu, senior director of research at FireEye.
He said the virus also installs a third malicious file on
the infected computer, but declined to elaborate.
Adobe has yet to provide advice on how to protect PCs
against attack. FireEye said computer users should avoid opening
unfamiliar PDFs, especially when coming from unknown sources.
FireEye said on its blog it has observed attacks on PCs
running Adobe Reader 11, the most-recent version of the
software, as well as Reader 9 and Reader 10.
Adobe said on its own security blog that the issue also
affected Acrobat XI, the current version of the software used to
create PDF documents.