
New Malware Overwrites Software Updaters

itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."
  • by Orga ( 1720130 ) on Friday March 26, 2010 @02:34PM (#31630216)
    Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash are nothing new, said Rik Ferguson, senior security advisor for Trend Micro.
  • Re:I'm torned (Score:4, Informative)

    by idontgno ( 624372 ) on Friday March 26, 2010 @03:23PM (#31630916) Journal

    This is slashdot*. "Reading" has absolutely nothing to do with any post, any comment, any moderation, or any action or decision here whatsoever.

    You must be new here.

    *Yes, I am kicking you into a pit as I yell that.

  • By the way, that article title was bullshit, it was about a 3rd party product that integrates with Microsoft's own WSUS server (used to distribute and control patching of Microsoft software) and uses its api to distribute third party patches. It costs money, a decent amount of money. MS is not taking on the task of distributing 3rd party patches. You can read my comment on that story if you want to learn more about Secunia's product, I beta tested it. It's bad enough the editors do their best to pass on ignorance and misinformation, please don't help them.

  • by Anonymous Coward on Friday March 26, 2010 @03:45PM (#31631270)

    Check the HPA (host protected area) of the drive. I'd wager it's hiding in there.

  • Re:believe it or not (Score:3, Informative)

    by Spad ( 470073 ) <slashdot.spad@co@uk> on Friday March 26, 2010 @03:45PM (#31631280) Homepage

    Not to 90% of users there isn't.

  • Re:I'm torned (Score:3, Informative)

    by plover ( 150551 ) * on Friday March 26, 2010 @06:19PM (#31633408) Homepage Journal

    I started by opening the Program Files\Adobe\Reader x.x\ folder. You'll see a folder called plug_ins. Make a new folder called "unwanted_plug_ins". Open the original plug_ins folder and you'll see a bunch of .API files (they're just renamed DLLs.)

    I picked through them by name, and got rid of the obvious ones first: SendMail.API, ReadOutLoud.API, weblink.API, etc. I just dragged them to the "unwanted" folder. I then opened Adobe Reader and did some simple viewing tests with an existing PDF to make sure it still worked.

    Later, when I opened something from the web that didn't work right, it was pretty obvious that I had removed something it wanted. The error was something like "couldn't verify digital signature" so I restored the original DigSig.api file.

    It was just some basic crawling thru their junk and applying common sense, nothing spectacularly innovative.
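
The plug-in trimming described in the comment above, scripted so that it can be undone one file at a time. This is an added example, not part of the original comment or any Adobe tooling: the function names are hypothetical, `Other.api` is a constructed placeholder, and the demo runs against a constructed folder tree rather than a real Reader install.

```python
import shutil
import tempfile
from pathlib import Path

# Names from the comment above; compared case-insensitively, as Windows does.
UNWANTED = {"sendmail.api", "readoutloud.api", "weblink.api"}


def disable_plugins(reader_dir, unwanted=UNWANTED):
    """Move the named .API files from plug_ins to unwanted_plug_ins."""
    plug_ins = Path(reader_dir) / "plug_ins"
    parked = Path(reader_dir) / "unwanted_plug_ins"
    parked.mkdir(exist_ok=True)
    wanted = {name.lower() for name in unwanted}
    moved = []
    for item in plug_ins.iterdir():
        if item.is_file() and item.suffix.lower() == ".api" and item.name.lower() in wanted:
            shutil.move(str(item), str(parked / item.name))
            moved.append(item.name)
    return sorted(moved, key=str.lower)


def restore_plugin(reader_dir, name):
    """Put one parked plug-in back, e.g. after a feature stops working."""
    parked = Path(reader_dir) / "unwanted_plug_ins"
    for item in parked.iterdir():
        if item.name.lower() == name.lower():
            shutil.move(str(item), str(Path(reader_dir) / "plug_ins" / item.name))
            return True
    return False


def demo():
    """Constructed tree: park four plug-ins, then bring DigSig.api back."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Reader"
        (root / "plug_ins").mkdir(parents=True)
        for name in ("SendMail.API", "ReadOutLoud.API", "weblink.API", "DigSig.api", "Other.api"):
            (root / "plug_ins" / name).write_bytes(b"constructed placeholder")
        moved = disable_plugins(root, UNWANTED | {"digsig.api"})
        restored = restore_plugin(root, "DigSig.api")
        remaining = sorted((p.name for p in (root / "plug_ins").iterdir()), key=str.lower)
        return moved, restored, remaining


if __name__ == "__main__":
    print(demo())
```

Moving files instead of deleting them keeps the originals available, which is what made restoring DigSig.api possible in the comment.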
