New Malware Overwrites Software Updaters
itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."
Even TFA admits nothing new (Score:4, Informative)
Re:I'm torned (Score:4, Informative)
This is slashdot*. "Reading" has absolutely nothing to do with any post, any comment, any moderation, or any action or decision here whatsoever.
You must be new here.
*Yes, I am kicking you into a pit as I yell that.
Re:i had a bout of paranoia where i imagined this (Score:4, Informative)
By the way, that article title was bullshit, it was about a 3rd party product that integrates with Microsoft's own WSUS server (used to distribute and control patching of Microsoft software) and uses its API to distribute third party patches. It costs money, a decent amount of money. MS is not taking on the task of distributing 3rd party patches. You can read my comment on that story if you want to learn more about Secunia's product, I beta tested it. It's bad enough the editors do their best to pass on ignorance and misinformation, please don't help them.
Re:Oh, for the good old days... (Score:2, Informative)
Check the HPA (host protected area) of the drive. I'd wager it's hiding in there.
Re:believe it or not (Score:3, Informative)
Not to 90% of users there isn't.
Re:I'm torned (Score:3, Informative)
I started by opening the Program Files\Adobe\Reader x.x\ folder. You'll see a folder called plug_ins. Make a new folder called "unwanted_plug_ins". Open the original plug_ins folder and you'll see a bunch of .API files (they're just renamed DLLs.)
I picked through them by name, and got rid of the obvious ones first: SendMail.API, ReadOutLoud.API, weblink.API, etc. I just dragged them to the "unwanted" folder. I then opened Adobe Reader and did some simple viewing tests with an existing PDF to make sure it still worked.
Later, when I opened something from the web that didn't work right, it was pretty obvious that I had removed something it wanted. The error was something like "couldn't verify digital signature" so I restored the original DigSig.api file.
It was just some basic crawling through their junk and applying common sense, nothing spectacularly innovative.
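The summary describes malware that overwrites AdobeUpdater.exe, and the comment above treats the plug_ins\*.API files as renamed DLLs. An added example (not code from the thread or from Adobe) that checks both: it lists those binaries, records their Authenticode signature status and SHA256, flags anything not validly signed by Adobe, and compares against a hash baseline taken on a known-good install. The install paths and the baseline location are assumptions.

```powershell
# Added example, not from the Slashdot thread: inventory Adobe Reader's updater
# binary and its plug_ins\*.API files (renamed DLLs) and flag any whose
# Authenticode signature is missing or invalid. The malware in the summary
# overwrites AdobeUpdater.exe; a replaced binary will not carry a valid Adobe
# signature. Paths below are assumptions; adjust them for your install.

param(
    # Assumed install root; the commenter used "Program Files\Adobe\Reader x.x".
    [string]$ReaderRoot   = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader",
    # Assumed updater location; the thread only names the file.
    [string]$UpdaterPath  = "C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.exe",
    # Assumed baseline location, written on the first run.
    [string]$BaselinePath = "$env:ProgramData\reader-baseline.csv"
)

function Get-ReaderBinaryReport {
    $files = @()
    if (Test-Path $UpdaterPath) { $files += Get-Item $UpdaterPath }
    $pluginDir = Join-Path $ReaderRoot "plug_ins"
    if (Test-Path $pluginDir) { $files += Get-ChildItem $pluginDir -Filter *.API -File }

    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            Path      = $f.FullName
            SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Status    = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "" }
            LastWrite = $f.LastWriteTimeUtc
        }
    }
}

$report = Get-ReaderBinaryReport

# Anything without a valid Adobe signature deserves a look; an overwritten
# AdobeUpdater.exe shows up here as NotSigned or HashMismatch.
$suspect = $report | Where-Object { $_.Status -ne "Valid" -or $_.Signer -notmatch "Adobe" }
$suspect | Format-Table Path, Status, Signer, LastWrite -AutoSize

# Compare against the hash baseline from a known-good install, so a replacement
# that happens to carry some other valid signature is also caught.
if (Test-Path $BaselinePath) {
    $baseline = Import-Csv $BaselinePath
    Compare-Object -ReferenceObject $baseline -DifferenceObject $report -Property Path, SHA256 |
        Where-Object SideIndicator -eq "=>" | Format-Table Path, SHA256 -AutoSize
} else {
    $report | Export-Csv -Path $BaselinePath -NoTypeInformation
}
```

Run it once right after a clean install to write the baseline, then again whenever the updater or a plug-in changes unexpectedly; the LastWrite column helps line a change up with the time of the suspected compromise.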