Several vulnerabilities in PDF-Pro can be exploited by malicious people to compromise a user's system, according to Secunia.
Analysis by Symantec reveals that in February, 1 in 290.1 emails (0.345%) was malicious making February among the most prolific time periods both in terms of simultaneous attacks and malware family integration across Zeus (aka Zbot), Bredolab and SpyEye.\r\n\r\n\r\nAlso in February, there were at least 40 variants of malware associated with the Bredolab Trojan, accounting for at least 10.3 percent of email-borne malware blocked by MessageLabs Intelligence in February. These latest findings reveal that contrary to recent beliefs, Bredolab is not dead and techniques previously associated with Bredolab malware have now become more common among other major malware families.\r\n\r\nSince the end of January, MessageLabs Intelligence has tracked significant volumes of collaborative attacks that make use of well-timed and carefully crafted targeted techniques. As February began, the attacks increased in number and these malware families were used aggressively to conduct simultaneous attacks via propagation techniques, signaling the likelihood of a common origin for these infected emails.\r\n\r\n\r\nAlthough the vast majority of attacks were related to Zeus and SpyEye, many of the attacks share commonalities with the well-known Bredolab Trojan, indicating some of the features associated with Bredolab were being used by Zeus and SpyEye.\r\n\r\nAll of these attacks made use of a ZIP archive attachment that contained an executable comprising the malware code. In February, 1.5% of malware blocked comprised ZIP archive attachments and further analysis revealed that 79.2% of this was connected with the latest wave of Bredolab, Zeus and SpyEye attacks.\r\n\r\nOver the past year, malicious executable files have increased in frequency along with PDF files, the most popular file format for malware distribution. PDFs now account for a larger proportion of document file types used as attack vectors.\r\n\r\nIn 2009, approximately, 52.6 percent of targeted attacks used PDF exploits, compared with 65 percent in 2010, an increase of 12.4 percent. Despite a downturn this month, if the trend were to continue as it has over the past year, 76 percent of targeted malware could be used for PDF-based attacks by mid-2011.\r\n\r\nGeographical trends:China became the most spammed in February with a spam rate of 86.2 percent.In the US and Canada, 81.4 percent of email was spam. Spam levels in the UK were 81.1 percent.In The Netherlands, spam accounted for 82.2 percent of email traffic, while spam levels reached 81.2 percent in Germany, 81.7 percent in Denmark and 81.0 percent in Australia.Spam levels in Hong Kong reached 82.8 percent and 80.4 percent in Singapore. Spam levels in Japan were 78.5 percent. In South Africa, spam accounted for 81.6 percent of email traffic.South Africa remained the most targeted by email-borne malware with 1 in 81.8 emails blocked as malicious in February.In the UK, 1 in 139.0 emails contained malware. In the US virus levels were 1 in 713.6 and 1 in 328.8 for Canada.
Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh.
There is a steady growth of threats to mobile platforms, according to a new McAfee report.\r\n\r\nThe number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day.\r\n\r\n\r\nOf the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.\r\n\r\nThreats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices.\r\n\r\nSome of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package.\r\n\r\nAndroid/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.\r\n\r\nWith the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices.\r\n\r\nIn Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.\r\n\r\nThe onslaught of malware seems to have no end, and the proliferation of both handled and IP-enabled devices’ affect on this growth remains to be seen. The top malware threats in Q4 2010 were very different in various geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region. \r\n\r\nFavorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).\r\n\r\nSpam hitting its lowest levels in years can be attributed to a “transition period,” with several botnets going dormant during a time of year when spam volumes are usually on an upward path.\r\n\r\nIn Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.\r\n\r\nAs more users access the Internet from an ever-expanding pool of devices—computer, tablet, smartphone or Internet TV—web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.\r\n\r\nPhishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links.\r\n\r\nMcAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.\r\n\r\nIn 2009, McAfee Labs predicted that vulnerabilities in Adobe product would become the clear choice of malware authors and cybercriminals for distribution malware and compromising systems and networks. This prediction has come true. Throughout 2010 malware developers have heavily exploited weaknesses in both Flash and especially PDF technologies.\r\n\r\nMcAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation.
GFI Software revealed continuing high levels of rogue security products circulating during January, and a surge in malware that takes aim at vulnerabilities within Adobe Reader and the PDF file format – two of the top 10 detections are aimed at exploiting holes within Adobe.\r\n\r\n\r\nAs was the case in December 2010, seven of the top 10 malware detections were Trojans, with those seven accounting for almost 34% of all malware detections for the month.\r\n\r\nThreatNet also revealed an increase in the FakeVimes rogues that were reported last month, when FraudTool.Win32.FakeVimes!delf (v) hit the number nine spot with .73 percent of all detections.\r\n\r\nThis represents a VIPRE heuristics detection for malicious code associated with the FakeVimes family of rogue security products, illustrating the continued growth of fake and compromised security applications as a means to circulate and covertly install malware onto PCs.\r\n\r\nIn January, a detection of PersonalInternetSecurity2011.FakeVimes (.64 percent of detections) was at the number 12 spot and the top 50 also included Antivirus8.FakeXPA, FraudTool.Win32.FakeVimes!VB (v) and Win32.FakeVimes!delf (v). There are approximately 17 rogues that are considered members of the FakeVimes family. They first appeared in January of last year.\r\n\r\nTwitter users fell victim to a fake antivirus software scam in January as a number of accounts began distributing links promoting rogue security software. The attack used Google\'s Web address shortening service to conceal the links\' destination.\r\n\r\nTwitter worked to reset passwords, but there is no telling how many users were led to malicious sites due to this phishing attack.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.