Let's Not Gozi What's In That .pdf

That particularly virulent .pdf trojan nicknamed the "Gozi Trojan" is back again in a new and slightly more sophisticated form. It uses a flaw in the Adobe Acrobat 8.x reader to steal your info as you're entering it into forms. You know that little padlock you see when you're communicating with an SSL-encrypted page? It's just a pretty picture if you've downloaded the malware from a phony .pdf.

This latest attack provides a good example of several successful tactics in the malware business coming together in a single attack. It uses a recent and widely publicized vulnerability (in Acrobat) to deliver a known-to-be-effective Trojan (Gozi). The Trojan is distributed to PCs through yet another bot that allows Google Gmail to mass-distribute e-mails, yet is still able to bypass spam filters by using another popular and recently successful tactic (PDF spam).

The servers that hosted the pirated information (Russian. Of Course!) were shut down by their ISP. Sounds good, but not really. It wasn't because they were identified as crooks, but only because the spike in traffic was too large for them to handle. So a lot of people are getting taken. HotHardware reminds you to be deeply suspicious of any .pdf you receive. You can download a patch from Adobe here. And someone ask Al Gore to go back and fix his invention and turn off Russia.

Via:  CSO
Tags:  PDF