New Malware Overwrites Software Updaters 78
itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."
Adobe was removed 3 years ago (Score:3, Interesting)
What difference will that make to my general new-fangled-interweb experience?
Enquiring minds need to know...
i had a bout of paranoia where i imagined this (Score:5, Interesting)
about a month ago, while going through the motions of updating java one day (clicking on all those security warnings, running the little interface), i thought: to hack a system, why not just copy this stupid little interface and have the user gleefully click through all of the little security warnings?
and now my fleeting paranoia is reality: you can't trust the updaters anymore
which makes this news from two days ago all the more prescient:
http://it.slashdot.org/article.pl?sid=10/03/24/189248 [slashdot.org]
"Microsoft To Distribute Third-Party Patches"
furthermore, i despise the fact that just because i have quicktime and adobe and java installed, i have to always have these useless potentially bogus processes constantly running in the background doing nothing but waiting for their once monthly updates
it makes much better sense to have ALL software updated through one repository which, obviously, has to be microsoft
now microsoft is responsible for a secure update process, you don't have to worry about 9 different third party update mechanisms and have them constantly running, and finally, the big fat shiny nail in the coffin: you don't have to worry about this malware posing as an updater
a negative being: now you're pretty much sending microsoft a manifest of all of your installed software every time you get an update, but i see no way around that without this new hack entering the picture
Oh, for the good old days... (Score:5, Interesting)
I used to sit there and think, "well, if I were a criminal, I'd do this, that and the other" (this that and the other being stuff like replacing updaters, faking out security software so it couldn't update, having multiple processes that "watchdogged" each other, yada yada). Nowadays, they're doing that shit and a whole lot more I never thought of.
Once your system is comprised, it's pretty much never a good idea to trust it until its been completely rebuilt from the ground up.
I'm currently in the middle of doing this for a friend. Whatever the heck he had was so dug in that I had him replace the hard drive, reinstall a fresh OS, patch up, reinstall apps from disk, and now I'm restoring his user data from the original drive (carefully with auto-run disabled) mounted from a USB enclosure.
Re:I'm torned (Score:1, Interesting)
OSS Alts Exist for reading PDF's that don't have this pushy update system. That's the problem is that when you launch any adobe produce, it launches the updater, which is the problem(Executable redirect). ;
Who cares? You're already compromised (Score:3, Interesting)
I don't get it. If your system has had Administrator-owned files replaced with malicious versions, then your system has already been compromised! Game over. It's already too late.
Re:i had a bout of paranoia where i imagined this (Score:3, Interesting)
Re:I'm torned (Score:4, Interesting)
I completely neutered my copy of Adobe. I removed all the plug-in DLLs that did stuff I don't need or care about, or that were a security threat: accessibility, web linking, etc. I shut off Javascript execution in the preferences panel. And I disabled and removed everything related to Adobe Updater. If I feel like updating it, I will. (Hint: I don't.)
I can still view ordinary documents without trouble. I can't "use" a form in the way that some companies have replaced their web browsers with Adobe front ends, but that's OK by me -- it's not required for my day job, and I certainly don't have to give fools like that my personal business.
As a bonus, Adobe Reader launches much faster than before.
Re:Thiefs! (Score:3, Interesting)
"Can I patent malware?"
Interesting question.
Maybe if all of this was patented, the person with the patents could then sue the snot out of all the people using this malware (the distributors of it) and ask for subpoenas to get them IDed so that they could be reported to the Feds for prosecution.
Wait. Bad idea. Putting something like that in the hands of Patent Trolls would be the end of Civilization as we know it...and we all know the additional costs of Malware would simply be passed on to the customer.