Adobe Reader and targeted malware attacks

Adobe Reader and targeted malware attacks

Summary: If you're still tardy in applying security patches for the ever-present Adobe Reader software, this chart from F-Secure should jolt you into action.


If you're still tardy in applying security patches for the ever-present Adobe Reader software, the chart below from F-Secure should jolt you into action.

The chart provides hard data on the most commonly exploited software exploited by hackers in targeted attacks, the class of malware destined for one specific organization or industry.

It's instructive that Adobe Reader has slowly bypassed Microsoft Word, Microsoft Excel and Microsoft PowerPoint over the last three years, even though those software products are just as ubiquitous in the business world.

From F-Secure: follow Ryan Naraine on twitter

There were 1968 files in 2008. The number was 2195 during the year 2009. That isn't a very large increase in the overall total from 2008 to 2009 but we did see a greater percentage targeting Adobe.

And how about the first two months of 2010?

Well, so far the number is 895, which will more than double last year's number if the current pace continues.

Well, what are you waiting for?  Get patching.


Topics: Malware, Enterprise Software, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Adobe Software

    What I don't understand is why people insist on continuing to use any software from a company with such a rich history of producing software with these problems. The chart pretty much says it all. I removed every trace of Adobe software from our systems about a year ago and haven't looked back. And people question why Apple doesn't allow Flash on their portable products?
    • For the same reason that some people still insist on using Windows.

      They're used to it.
      Their peers use it.
      Most developers make their stuff for it, since most people have it.
      • why continue using?

        For the same reason that people drink Folgers coffee and Lipton tea. They are widely available, familiar and the alternatives, though better, are not as well known or easy to get. Of course, those beverages are not likely to be deadly due to their deficiencies.
    • Halo effect

      [i]What I don't understand is why people insist on continuing to use any software from a company with such a rich history of producing software with these problems. [/i]

      Speaking of rich history, they also developed the code that powers (or powered) PostScript, Type Manager, Illustrator, Premiere, and Acrobat, amongst others. Oh and lest we forget, a crazy gold plated graphics prog with a halo effect that exceeds damn near all others in reach called Photoshop (having wound its way to Adobe from the Knoll brothers). If PS isn't an "industry standard," I know of no another.

      And thus your answer.

      Adobe Flash and Reader remain the ugly ducklings in the pack. Free for the taking as it were, so who's to complain (except us)? ;)
      • The same people who orphan their own products

        They orphaned Pagemaker and will likly orphan Photo Shop. They tend to have very little concern for their customers - especially since they figure everyone NEEDS their products. I guess they will learn.
        • Pagemaker

          Thank goodness they orphaned Pagemaker. It SUCKED.
    • Options

      Well, for reading .PDF files, there just aren't that many alternatives out there. Nobody is going to be able to charge for a "better" .PDF reader, because Acrobat reader is free. These files are just a fact of life in the Internet age, you need to be able to read them for about everything from the documentation that comes with your new computer to the owner's manual for a car stereo that you boiught 5 years ago, and now you can't remember how to adjust the clock for Daylight Savings time.

      In a business environment, you'll get .PDF files for purchase orders, invoices, and various forms.

      It'd be great to just run Linux and pick up all of those things without Acrobat reader, but the software just isn't up to running Linux on many business desktops.

      As an IT administrator, it basically comes down to me having to be on alert for these things, and making sure that security patches are applied as they become available.
      • Foxit PDF reader (nt)

      • No choice for free readers?

        Not that Wikipedia is "all-knowing" and always
        accurate, but I can vouch for most of the stuff
        on this page.

        As you can see, there are plenty of
        alternatives for viewing, creating and
        converting pdf files, a lot of them free, for
        all platforms.

        Hope this helps.
  • RE: Adobe Reader and targeted malware attacks


    Get Patching? Now, if that doesn't sit well with you, maybe you have had enough of the 'the malware problem is yours' being put on you each day.

    Come over to Ubuntu Linux 9.10, which runs AppArmor by default and profiles Evince (Document Viewer, pdfs) and Firefox 3.6, just to name a few Apps which are safely protected in a security model called: Mandatory Access Control (aka sandbox).

    There won't be any need to rescue your PC on a daily basis as Linux has a very low incidence of infection, by virtue of how the operating system is written, designed from the beginning with true multi-user security in mind.

    So, step off of the MS Malware insanity treadmill and give Ubuntu Linux 9.10 your serious consideration.

    You won't regret it.

    Dietrich T. Schmitz
    GNU/Linux Advocate
    DTS Linux Advocate
    • Fail

      • Why?

        Great Kahuna
      • C'mon, you're being too hard on yourself

        there must be something you're good at, I hope. You only have to search for it harder.
        Great Kahuna
    • ^^ The above is spam

      And has been marked as such.
      Loverock Davidson
      • ^^ The above drinks DayQuil like soda-pop and refuses to stop

        DTS Linux Advocate
        • Why do you bother?

          OK, I can understand, you're showing your greatness by treating such an unworthy subject as Loverock with a modicum of respect but...

          Can't you see that you're just feeding the troll on your own time?
          Great Kahuna
          • Yes GK. I see your wisdom. Have to stop doing that.

            DTS Linux Advocate
    • fishing

      Okay, this post is nothing more than fishing for a
      flame war. It really has nothing to do with the
      subject matter. All you windows vs. linux people,
      go take your arguments to a forums et up for it.
      This is supposed to be a Security blog. Let's try
      and actually stay on topic once.
      • No, I am a Linux Activist and it's what we call 'commentary'.

        And the issue (Get patching) is of what I write, so, you are off topic.

        DTS Linux Advocate
        • And you are a spammer

          and that is why you are being reported. This article has nothing to do with what you are writing about. I think you would be better off finding other forums that are more on topic to what you write.
          Loverock Davidson