Naked Adobe a hacker honeypot

Some of the most exploited vulnerabilities out in the wild are for Adobe software, according to a report released by M86 Security software, despite the fact that the holes being exploited were patched by Adobe two years ago.
Written by Michael Lee, Contributor

The report examines the state of internet security over the past six months, including the top 15 vulnerabilities.

While Internet Explorer and Office Web Components vulnerabilities continued to take the top two places on the list, six Adobe-related vulnerabilities account for a large portion of the top 15. However, all of the Adobe vulnerabilities listed were ones that were patched in either 2008 or 2009.


The top 15 vulnerabilities for the first half of 2011.
(Credit: M86 Security Labs)

Avast Software recently ran a user survey that said half of Adobe Reader users were still running vulnerable versions of the software. Avast CTO Ondrej Vlcek said that users simply aren't keeping themselves up to date.

"There is a basic assumption that people will automatically update or migrate to the newer version of any program. At least with Adobe Reader, this assumption is wrong — and it's exposing users to a wide range of potential threats," he said.

M86 director sales engineering Asia-Pacific, Jason Pearce, suggested that this may also be due to a lack of trust in Adobe.

"There's also a bit of resistance with a lot of organisations to update Adobe patches and things because of the issue we had last year when the Adobe updater was actually compromised itself. A lot of people are very cautious about updating Adobe [products]."

When presented with the Avast user statistics, Brad Arkin, Adobe senior director of product security and privacy, said consumers didn't bother updating a free application like Reader because PDF files could be viewed in older versions.

In order to combat this, Adobe has been providing patches for Reader 8, 9 and its latest Reader X software, but even Arkin is sceptical that this is working.

"I think a large percentage of users simply decline the update notification," he said.

Arkin hoped that if users transitioned to a sandboxed version of Adobe, they would be better protected, but Pearce is not certain that this would work.

"I'm not sure that sandboxing is going to be the fix. If you haven't educated the end user to actually accept those updates when they come through, then it's not going to help you anyway," Pearce said.

The report also saw a reduction in spam caused by botnets. Spam, as a percentage of total inbound mail, dropped from 90 per cent in September last year to 77 per cent in June this year. The report stated this was due to the closure of Pushdo, Mega-D, Bredolab and Rustock botnets, as well as the closure of the Spamit.com affiliate program used by botnets.

However, Pearce said shutting down the botnets was only the beginning.

"You're only scratching the surface when you shut down somebody's botnet. There are plenty of replacements that are ready to go. The reason is that running a botnet is very easy.

"I think what you'll find is that a lot of these larger botnets will possibly disappear and I think you'll see a spate of smaller ones that are a lot harder to detect," he said. "They won't [operate for] months and months on end — these will be things that are 24- to 48-hour types of packs that disappear, that way they don't get caught, and then they'll relaunch those mini botnets at a more regular occurrence purely for that reason that the risk of getting caught is very, very low."

Pearce said that it was becoming easier than ever for individuals to set up botnets in this manner and that it was a lucrative angle of attack for scammers.

"The chances of me being taken to court are very, very low, but the chances of me capturing a whole bunch of private data that I could sell online and make a lot of money from is very, very easy."

The report also saw social network scams reach an all-time high, with scammers taking advantage of cross-site scripting vulnerabilities, or writing vulnerabilities. Pearce also said that social networking sites were a goldmine for identity thieves.

"The reason why Facebook is such a great source for hackers is because you get access to millions and millions of users and out of those, probably only 1 or 2 per cent have locked down their account. It's a great source of personal information."

"[A victim's] Facebook account has their name, their phone number, sometimes has their address. Then they link to their family, so you can find out what's their mother's maiden name, their date of birth, that sort of thing."

"When you ring up a bank and say that you've lost your PIN number, what are the first three questions that the bank asks you? What's your name, what's your address, what's your mother's maiden name? All that information is readily available on Facebook because people don't set their privacy settings properly."